HelpCache/Microsoft.ActiveDirectory.Management.dll-help.xml
<?xml version = "1.0" encoding = "utf-8" ?>
<helpItems schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADCentralAccessPolicyMember</command:name><maml:description><maml:para>Adds central access rules to a central access policy in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADCentralAccessPolicyMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADCentralAccessPolicyMember cmdlet adds central access rules to a central access policy in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADCentralAccessPolicyMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of central access rule (CAR) objects in a comma-separated list to add to a central access policy (CAP). To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name.</maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>You cannot pass objects through the pipeline to this parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADCentralAccessRule[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of central access rule (CAR) objects in a comma-separated list to add to a central access policy (CAP). To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name.</maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>You cannot pass objects through the pipeline to this parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADCentralAccessRule[]</command:parameterValue><dev:type><maml:name>ADCentralAccessRule[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADCentralAccessPolicy object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified ADCentralAccessPolicy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADCentralAccessPolicyMember -Identity "Finance Policy" -Member "Finance Documents Rule","Corporate Documents Rule" </dev:code><dev:remarks><maml:para>This command adds the central access rules Finance Documents Rule and Corporate Documents Rule to the central access policy Finance Policy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADCentralAccessPolicyMember cmdlet Add-ADCentralAccessPolicyMember at command pipeline position 1 Supply values for the following parameters: Identity: Finance Policy Members[0]: Finance Documents Rule Members[1]: Corporate Documents Rule Members[2]: </dev:code><dev:remarks><maml:para>This command demonstrates default behavior for this cmdlet with no parameters specified. You are prompted for the central access policy to modify and the rules to add to the policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Filter { Name -like "Corporate*" } | Add-ADCentralAccessPolicyMember -Members "Corporate Documents Rule" </dev:code><dev:remarks><maml:para>This command gets all central access policies that have a name that starts with Corporate and then passes this information to Add-ADCentralAccessPolicyMember by using the pipeline operator. The Add-ADCentralAccessPolicyMember cmdlet then adds the central access rule with the name Corporate Documents Rule to it. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291002</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessPolicyMember</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADComputerServiceAccount</command:name><maml:description><maml:para>Adds one or more service accounts to an Active Directory computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADComputerServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADComputerServiceAccount cmdlet adds one or more computer service accounts to an Active Directory computer. </maml:para><maml:para>The Computer parameter specifies the Active Directory computer that will host the new service accounts. You can identify a computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Computer parameter to a computer object variable, such as $<localComputerobject>, or pass a computer object through the pipeline to the Computer parameter. For example, you can use the Get-ADComputer cmdlet to retrieve a computer object and then pass the object through the pipeline to the Add-ADComputerServiceAccount cmdlet. </maml:para><maml:para>The ServiceAccount parameter specifies the service accounts to add. You can identify a service account by its distinguished name (DN), GUID, Security Identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify service account object variables, such as $<localServiceAccountObject>. If you are specifying more than one account, use a comma-separated list. </maml:para><maml:para>Note: Adding a service account is a different operation than installing the service account locally. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADComputerServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Computer"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>ServiceAccount</maml:name><maml:description><maml:para>Specifies one or more Active Directory service accounts. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADServiceAccount[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para></maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para></maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Computer"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>ServiceAccount</maml:name><maml:description><maml:para>Specifies one or more Active Directory service accounts. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADServiceAccount[]</command:parameterValue><dev:type><maml:name>ADServiceAccount[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object is received by the Computer parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified computer object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADComputerServiceAccount -Computer ComputerAcct1 -ServiceAccount SvcAcct1 </dev:code><dev:remarks><maml:para>This command adds the service account SvcAcct1 to a Computer Account ComputerAcct1.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADComputerServiceAccount -Computer ComputerAcct1 -ServiceAccount SvcAcct1,SvcAcct2 </dev:code><dev:remarks><maml:para>This command adds two service accounts, SvcAcct1 and SvcAcct2, to a Computer Account ComputerAcct1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291003</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADDomainControllerPasswordReplicationPolicy</command:name><maml:description><maml:para>Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADDomainControllerPasswordReplicationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADDomainControllerPasswordReplicationPolicy cmdlet adds one or more users, computers, and groups to the allowed or denied list of a read-only domain controller (RODC) password replication policy. </maml:para><maml:para>The Identity parameter specifies the RODC that uses the allowed and denied lists to apply the password replication policy. You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object of the server object, the GUID of the NTDS settings object of the server object under the configuration partition, or the DN of the computer object that represents the domain controller. You can also set the Identity parameter to a domain controller object variable, such as $<localDomainControllerobject>, or pass a domain controller object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomainController cmdlet to get a domain controller object and then pass the object through the pipeline to the Add-ADDomainControllerPasswordReplicationPolicy cmdlet. You must specify a read-only domain controller. If you specify a writeable domain controller for this parameter, the cmdlet returns a non-terminating error. </maml:para><maml:para>The AllowedList parameter specifies the users, computers, and groups to add to the allowed list. Similarly, the DeniedList parameter specifies the users, computers, and groups to add to the denied list. You must specify either one or both of the AllowedList and DeniedList parameters. You can identify a user, computer, or group by distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify user, computer, or group variables, such as $<localUserObject>. If you are specifying more than one item, use a comma-separated list. If a specified user, computer, or group is not on the allowed or denied list, the cmdlet does not return an error. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADDomainControllerPasswordReplicationPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts allowed to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) account name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-ADDomainControllerPasswordReplicationPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DeniedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM account name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts allowed to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) account name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DeniedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM account name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue><dev:type><maml:name>ADDomainController</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A read-only domain controller (RODC) object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Add-ADDomainControllerPasswordReplicationPolicy -Identity "FABRIKAM-RODC1" -AllowedList "JesperAaberg", "AdrianaAdams" </dev:code><dev:remarks><maml:para>This command adds user accounts with the specified SamAccountNames to the Allowed list on the RODC specified by the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Add-ADDomainControllerPasswordReplicationPolicy -Identity "FABRIKAM-RODC1" -DeniedList "MichaelAllen", "ElizabethAndersen" </dev:code><dev:remarks><maml:para>This command adds user accounts with the specified SamAccountNames to the Denied list on the RODC specified by the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291004</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomainController</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADFineGrainedPasswordPolicySubject</command:name><maml:description><maml:para>Applies a fine-grained password policy to one more users and groups.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADFineGrainedPasswordPolicySubject</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADFineGrainedPasswordPolicySubject cmdlet applies a fine-grained password policy to one or more global security groups and users. </maml:para><maml:para>The Identity parameter specifies the fine-grained password policy to apply. You can identify a fine-grained password policy by its distinguished name, GUID or name. You can also set the Identity parameter to a fine-grained password policy object variable, such as $<localPasswordPolicyObject>, or pass a fine-grained password policy object through the pipeline operator to the Identity parameter. For example, you can use the Get-ADFineGrainedPasswordPolicy cmdlet to get a fine-grained password policy object and then pass the object through the pipeline operator to the Add-ADFineGrainedPasswordPolicySubject cmdlet. </maml:para><maml:para>The Subjects parameter specifies the users and global security groups. You can identify a user or global security group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify user and global security group object variables, such as $<localUserObject>. If you are specifying more than one user or group, use a comma-separated list. To pass user and global security group objects through the pipeline to the Subjects parameter, use the Get-ADUser or the Get-ADGroup cmdlets to retrieve the user or group objects, and then pass these objects through the pipeline operator to the Add-ADFineGrainedPasswordPolicySubject cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADFineGrainedPasswordPolicySubject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Subjects</maml:name><maml:description><maml:para>Specifies one or more users or groups. To specify more than one user or group, use a comma-separated list. You can identify a user or group by one of the following property values: -- Distinguished Name (DN) -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para><maml:para>Note: The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value is used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition is set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition is set to the default partition or naming context of the target domain.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition is set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition is set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter does not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value is used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules are evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition is set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition is set to the default partition or naming context of the target domain.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition is set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition is set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter does not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Subjects</maml:name><maml:description><maml:para>Specifies one or more users or groups. To specify more than one user or group, use a comma-separated list. You can identify a user or group by one of the following property values: -- Distinguished Name (DN) -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para><maml:para>Note: The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy, Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy object is received by the Identity parameter. One or more principal objects that represent users and security group objects are received by the Subjects parameter. Derived principal types, such as the following are also accepted by the Subjects parameter: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified fine-grained password policy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADFineGrainedPasswordPolicySubject -Identity DomainUsersPSO -Subjects 'Domain Users' </dev:code><dev:remarks><maml:para>This command applies the Fine-Grained Password Policy named DomainUsersPSO to a Global Security Group Domain Users. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO -Subjects BobKe,KimAb </dev:code><dev:remarks><maml:para>This command applies the Fine-Grained Password Policy named DlgtdAdminsPSO to two users, with SamAccountNames BobKe and KimAb. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO -Subjects DlgtdAdminGroup </dev:code><dev:remarks><maml:para>This command applies the Fine-Grained Password Policy named DlgtdAdminsPSO to the group DlgtdAdminGroup. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Filter {lastname -eq "John"} | Add-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO </dev:code><dev:remarks><maml:para>This command applies the Fine-Grained Password Policy named DlgtdAdminsPSO to any users whose last names is John. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291005</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADGroupMember</command:name><maml:description><maml:para>Adds one or more members to an Active Directory group.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADGroupMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADGroupMember cmdlet adds one or more users, groups, service accounts, or computers as new members of an Active Directory group. </maml:para><maml:para>The Identity parameter specifies the Active Directory group that receives the new members. You can identify a group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify group object variable, such as $<localGroupObject>, or pass a group object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the Add-ADGroupMember cmdlet. </maml:para><maml:para>The Members parameter specifies the new members to add to a group. You can identify a new member by its distinguished name (DN), GUID, security identifier (SID) or SAM account name. You can also specify user, computer, and group object variables, such as $<localUserObject>. If you are specifying more than one new member, use a comma-separated list. You cannot pass user, computer, or group objects through the pipeline to this cmdlet. To add user, computer, or group objects to a group by using the pipeline, use the Add-ADPrincipalGroupMembership cmdlet. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADGroupMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- Security Accounts Manager (SAM) Account Name (sAMAccountName) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>This example shows how to set the parameter to a distinguished name. </maml:para><maml:para>-Identity "CN=saradavisreports,OU=europe,CN=users,DC=corp,DC=contoso,DC=com" </maml:para><maml:para>This example shows how to set this parameter to a group object instance named ADGroupInstance. </maml:para><maml:para>-Identity $ADGroupInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of user, group, and computer objects in a comma-separated list to add to a group. To identify each object, use one of the following property values. Note: The identifier in parentheses is the LDAP display name. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName) </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>The following examples show how to specify this parameter. </maml:para><maml:para>This example specifies a user and group to add by specifying the distinguished name and the SAM Account Name properties. </maml:para><maml:para>-Members "CN=SaraDavis,CN=employees,CN=Users,DC=contoso,DC=com", "saradavisreports" </maml:para><maml:para>This example specifies a user and a group object that are defined in the current Windows PowerShell session as input for the parameter. </maml:para><maml:para>-Members $userObject, $groupObject </maml:para><maml:para>The objects specified for this parameter are processed as Microsoft.ActiveDirectory.Management.ADPrincipal objects. Derived types, such as the following are also received by this parameter. -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADGroup </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para><maml:para>The following example shows how to set this parameter to Basic. </maml:para><maml:para>-AuthType Basic </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>The following two examples show how to specify a value for this parameter. </maml:para><maml:para>-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: - If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of will be set to the default partition or naming context of the target domain. Partition</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para><maml:para>The following example shows how to set this parameter to Basic. </maml:para><maml:para>-AuthType Basic </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- Security Accounts Manager (SAM) Account Name (sAMAccountName) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>This example shows how to set the parameter to a distinguished name. </maml:para><maml:para>-Identity "CN=saradavisreports,OU=europe,CN=users,DC=corp,DC=contoso,DC=com" </maml:para><maml:para>This example shows how to set this parameter to a group object instance named ADGroupInstance. </maml:para><maml:para>-Identity $ADGroupInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of user, group, and computer objects in a comma-separated list to add to a group. To identify each object, use one of the following property values. Note: The identifier in parentheses is the LDAP display name. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName) </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>The following examples show how to specify this parameter. </maml:para><maml:para>This example specifies a user and group to add by specifying the distinguished name and the SAM Account Name properties. </maml:para><maml:para>-Members "CN=SaraDavis,CN=employees,CN=Users,DC=contoso,DC=com", "saradavisreports" </maml:para><maml:para>This example specifies a user and a group object that are defined in the current Windows PowerShell session as input for the parameter. </maml:para><maml:para>-Members $userObject, $groupObject </maml:para><maml:para>The objects specified for this parameter are processed as Microsoft.ActiveDirectory.Management.ADPrincipal objects. Derived types, such as the following are also received by this parameter. -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADGroup </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>The following two examples show how to specify a value for this parameter. </maml:para><maml:para>-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: - If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of will be set to the default partition or naming context of the target domain. Partition</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified group object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADGroupMember -Identity SvcAccPSOGroup -Members SQL01,SQL02 </dev:code><dev:remarks><maml:para>This command adds the user accounts with SamAccountNames SQL01,SQL02 to the group SvcAccPSOGroup. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADGroupMember cmdlet Add-ADGroupMember at command pipeline position 1 Supply values for the following parameters: Identity: RodcAdmins Members[0]: JohnSmith Members[1]: JeffPrice Members[2]: </dev:code><dev:remarks><maml:para>This command adds user accounts with SamAccountNames JohnSmith and JeffPrice to the group RodcAdmins. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Server localhost:60000 -SearchBase "OU=AccountDeptOU,DC=AppNC" -Filter { name -like "AccountLeads" } | Add-ADGroupMember -Members "CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC" </dev:code><dev:remarks><maml:para>This command gets a group from the Organizational Unit OU=AccountDeptOU,DC=AppNC in the AD LDS instance localhost:60000 that has the name AccountLeads and then pipes it to Add-ADGroupMember, which then adds the user account with DistinguishedName CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC to it.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$user = Get-ADUser -Identity "CN=Glen John,OU=UserAccounts,DC=NORTHAMERICA,DC=FABRIKAM,DC=COM" -Server "northamerica.fabrikam.com" PS C:\> $group = Get-ADGroup -Identity "CN=AccountLeads,OU=UserAccounts,DC=EUROPE,DC=FABRIKAM,DC=COM -Server "europe.fabrikam.com" PS C:\> Add-ADGroupMember -Identity $group -Member $user -Server "europe.fabrikam.com" </dev:code><dev:remarks><maml:para>This command adds the user CN=Glen John,OU=UserAccounts from the North America domain to the group CN=AccountLeads,OU=UserAccounts in the Europe domain. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291006</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADPrincipalGroupMembership</command:name><maml:description><maml:para>Adds a member to one or more Active Directory groups.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADPrincipalGroupMembership</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups. </maml:para><maml:para>The Identity parameter specifies the new user, computer, or group to add. You can identify the user, group, or computer by its distinguished name (DN), GUID, security identifier (SID), or SAM account name. You can also specify a user, group, or computer object variable, such as $<localGroupObject>, or pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the Add-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADUser or Get-ADComputer to get user and computer objects to pass through the pipeline. </maml:para><maml:para>This cmdlet collects all of the user, computer and group objects from the pipeline, and then adds these objects to the specified group by using one Active Directory operation. </maml:para><maml:para>The MemberOf parameter specifies the groups that receive the new member. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also specify group object variable, such as $<localGroupObject>. To specify more than one group, use a comma-separated list. You cannot pass group objects through the pipeline to the MemberOf parameter. To add to a group by passing the group through the pipeline, use the Add-ADGroupMember cmdlet. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADPrincipalGroupMembership</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory principal object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount </maml:para><maml:para>This example shows how to set the parameter to a distinguished name. </maml:para><maml:para>-Identity "CN=saradavis,CN=Users,DC=corp,DC=contoso,DC=com" </maml:para><maml:para>This example shows how to set this parameter to a principal object instance named principalInstance. </maml:para><maml:para>-Identity $principalInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>MemberOf</maml:name><maml:description><maml:para>Specifies the Active Directory groups to add a user, computer, or group to as a member. You can identify a group by providing one of the following values. Note: The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- Security Accounts Manager (SAM) Account Name (sAMAccountName) </maml:para><maml:para>If you are specifying more than one group, use commas to separate the groups in the list. </maml:para><maml:para>The following example shows how to specify this parameter by using SAM account name values. </maml:para><maml:para>-MemberOf "SaraDavisGroup", "JohnSmithGroup" </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADGroup[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para><maml:para>The following example shows how to set this parameter to Basic. </maml:para><maml:para>-AuthType Basic </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>The following two examples show how to specify a value for this parameter. </maml:para><maml:para>-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para><maml:para>The following example shows how to set this parameter to Basic. </maml:para><maml:para>-AuthType Basic </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory principal object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount </maml:para><maml:para>This example shows how to set the parameter to a distinguished name. </maml:para><maml:para>-Identity "CN=saradavis,CN=Users,DC=corp,DC=contoso,DC=com" </maml:para><maml:para>This example shows how to set this parameter to a principal object instance named principalInstance. </maml:para><maml:para>-Identity $principalInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>MemberOf</maml:name><maml:description><maml:para>Specifies the Active Directory groups to add a user, computer, or group to as a member. You can identify a group by providing one of the following values. Note: The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- Security Accounts Manager (SAM) Account Name (sAMAccountName) </maml:para><maml:para>If you are specifying more than one group, use commas to separate the groups in the list. </maml:para><maml:para>The following example shows how to specify this parameter by using SAM account name values. </maml:para><maml:para>-MemberOf "SaraDavisGroup", "JohnSmithGroup" </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADGroup[]</command:parameterValue><dev:type><maml:name>ADGroup[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>The following two examples show how to specify a value for this parameter. </maml:para><maml:para>-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A principal object (Microsoft.ActiveDirectory.Management.ADPrincipal) that represents a user, computer or group is received by the Identity parameter. Derived types, such as the following are also received by this parameter. </maml:para><maml:para>Microsoft.ActiveDirectory.Management.ADUser </maml:para><maml:para>Microsoft.ActiveDirectory.Management.ADComputer </maml:para><maml:para>Microsoft.ActiveDirectory.Management.ADServiceAccount </maml:para><maml:para>Microsoft.ActiveDirectory.Management.ADGroup </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns a principal object that represents the modified user, computer or group object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADPrincipalGroupMembership -Identity SQLAdmin1 -MemberOf DlgtdAdminsPSOGroup </dev:code><dev:remarks><maml:para>This command adds the user with SamAccountName SQLAdmin1 to the group DlgtdAdminsPSOGroup. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter 'Name -like "*SvcAccount*"' | Add-ADPrincipalGroupMembership -MemberOf SvcAccPSOGroup </dev:code><dev:remarks><maml:para>This command gets all users with SvcAccount in their name and adds it to the group SvcAccPSOGroup. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADPrincipalGroupMembership cmdlet Add-ADPrincipalGroupMembership at command pipeline position 1 Supply values for the following parameters: Identity: JeffPrice MemberOf[0]: RodcAdmins MemberOf[1]: Allowed RODC Password Replication Group MemberOf[2]: </dev:code><dev:remarks><maml:para>This command demonstrates the default behavior of this cmdlet, with no parameters specified. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Server localhost:60000 -SearchBase "DC=AppNC" -filter { Title -eq "Account Lead" -and Office -eq "Branch1" } | Add-ADPrincipalGroupMembership -MemberOf "CN=AccountLeads,OU=AccountDeptOU,DC=AppNC" </dev:code><dev:remarks><maml:para>This command adds all employees in Branch1 in the AD LDS instance localhost:60000 whose title is Account Lead to the group with the DistinguishedName "CN=AccountLeads,OU=AccountDeptOU,DC=AppNC". </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291007</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-ADResourcePropertyListMember</command:name><maml:description><maml:para>Adds one or more resource properties to a resource property list in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ADResourcePropertyListMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-ADResourcePropertyListMember cmdlet adds one or more resource properties to a resource property list in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ADResourcePropertyListMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of ADResourceProperty objects in a comma-separated list to add to a resource property list. To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADResourceProperty[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of ADResourceProperty objects in a comma-separated list to add to a resource property list. To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADResourceProperty[]</command:parameterValue><dev:type><maml:name>ADResourceProperty[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTypeList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A ADClaimTypeList object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTypeList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified ADClaimTypeList object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADResourcePropertyListMember -Identity "Global Resource Property List" -Members Country,Authors </dev:code><dev:remarks><maml:para>This command adds the resource properties named Country and Authors to the global resource property list. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-ADResourcePropertyListMember cmdlet Add-ADResourcePropertyListMember at command pipeline position 1 Supply values for the following parameters: Identity: Corporate Resource Property List Members[0]: Country Members[1]: Authors Members[2]: </dev:code><dev:remarks><maml:para>This command demonstrates default behavior for this cmdlet, no parameters specified. Adds the resource properties named Country and Authors to the resource property list named Corporate Resource Property List.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Filter { Name -like "Corporate*" } | Add-ADResourcePropertyListMember -Members Country,Authors </dev:code><dev:remarks><maml:para>This command gets any resource property list that has a name that begins with Corporate and then pipes it to Add-ADResourcePropertyListMember, which then adds the resource properties with the name Country and Authors to it. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291008</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Clear-ADAccountExpiration</command:name><maml:description><maml:para>Clears the expiration date for an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Clear</command:verb><command:noun>ADAccountExpiration</command:noun><dev:version /></command:details><maml:description><maml:para>The Clear-ADAccountExpiration cmdlet clears the expiration date for an Active Directory user or computer account. When you clear the expiration date for an account, the account does not expire.</maml:para><maml:para>The Identity parameter specifies the user or computer account to modify. You can identify a user or group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to a user or computer object variable, such as $<localUserObject>, or pass a user or computer object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser, Get-ADComputer, or Search-ADAccount cmdlet to retrieve an object and then pass the object through the pipeline to the Clear-ADAccountExpiration cmdlet. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Clear-ADAccountExpiration</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object (Microsoft.ActiveDirectory.Management.ADAccount) is received by the Identity parameter. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Clear-ADAccountExpiration -Identity JeffPrice </dev:code><dev:remarks><maml:para>This command clears the account expiration date for the user with SamAccountName JeffPrice.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Clear-ADAccountExpiration -Identity "CN=JeffPrice,DC=AppNC" -server "FABRIKAM-SVR1:60000" </dev:code><dev:remarks><maml:para>This command clears the account expiration date for the user with DistinguishedName CN=JeffPrice,DC=AppNC on the AD LDS instance FABRIKAM-SVR1:60000.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291009</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Clear-ADClaimTransformLink</command:name><maml:description><maml:para>Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Clear</command:verb><command:noun>ADClaimTransformLink</command:noun><dev:version /></command:details><maml:description><maml:para>The Clear-ADClaimTransformLink cmdlet removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Clear-ADClaimTransformLink</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory trust object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrust</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Policy</maml:name><maml:description><maml:para>Removes the specified claim transformation policy from being applied to the trust relationship. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustRole</maml:name><maml:description><maml:para>Specifies the role of the current forest in the trust relationship specified by the Identity parameter. The allowable values for this parameter are as follows: -- Trusted. Specify this value if the current forest is the trusted forest. -- Trusting. Specify this value if the current forest is the trusting forest.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Trusted</command:parameterValue><command:parameterValue required="true" variableLength="false">Trusting</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory trust object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrust</command:parameterValue><dev:type><maml:name>ADTrust</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Policy</maml:name><maml:description><maml:para>Removes the specified claim transformation policy from being applied to the trust relationship. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustRole</maml:name><maml:description><maml:para>Specifies the role of the current forest in the trust relationship specified by the Identity parameter. The allowable values for this parameter are as follows: -- Trusted. Specify this value if the current forest is the trusted forest. -- Trusting. Specify this value if the current forest is the trusting forest.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrustRole</command:parameterValue><dev:type><maml:name>ADTrustRole</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADTrust</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object (Microsoft.ActiveDirectory.Management.ADTrust) is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Clear-ADClaimTransformLink -Identity "corp.contoso.com" -Policy DenyAllPolicy </dev:code><dev:remarks><maml:para>This command removes the policy named DenyAllPolicy from the corp.contoso.com trust. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Clear-ADClaimTransformLink -Identity "corp.contoso.com" -TrustRole Trusted </dev:code><dev:remarks><maml:para>This command removes any policies that are applied to where this forest acts as the trusted forest in the corp.contoso.com trust. Effectively, this cmdlet removes any policies that are applied to claims flowing out of this forest towards it trust partner.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Clear-ADClaimTransformLink -Identity "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusting </dev:code><dev:remarks><maml:para>This command removes DenyAllPolicy that is applied to where this forest acts as the trusted domain in the corp.contoso.com trust. Effectively, this cmdlet removes DenyAllPolicy from applying to claims coming into this from its trust partner.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291010</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Disable-ADAccount</command:name><maml:description><maml:para>Disables an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>ADAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Disable-ADAccount cmdlet disables an Active Directory user, computer, or service account. </maml:para><maml:para>The Identity parameter specifies the Active Directory user, computer service account, or other service account that you want to disable. You can identify an account by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localADAccountObject>, or you can pass an account object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser cmdlet to retrieve a user account object and then pass the object through the pipeline to the Disable-ADAccount cmdlet. Similarly, you can use Get-ADComputer and Search-ADAccount to retrieve account objects. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para><maml:para></maml:para><maml:para> </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-ADAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Disable-ADAccount -Identity KimAb </dev:code><dev:remarks><maml:para>This command disables the account with SamAccountName KimAB. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Disable-ADAccount -Identity "CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command disables the account with DistinguishedName CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" | Disable-ADAccount </dev:code><dev:remarks><maml:para>This command disables all accounts in the OU OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291011</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAccountAuthorizationGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountControl</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountPassword</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Disable-ADOptionalFeature</command:name><maml:description><maml:para>Disables an Active Directory optional feature.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>ADOptionalFeature</command:noun><dev:version /></command:details><maml:description><maml:para>The Disable-ADOptionalFeature disables an Active Directory optional feature that is associated with a particular Domain Mode or Forest Mode. </maml:para><maml:para>The Identity parameter specifies the Active Directory optional feature that you want to disable. You can identify an optional feature by its distinguished name (DN), feature GUID, or object GUID. You can also set the parameter to an optional feature object variable, such as $<localOptionalFeatureObject> or you can pass an optional feature object through the pipeline to the Identity parameter. For example, you can use the Get-ADOptionalFeature cmdlet to retrieve an optional feature object and then pass the object through the pipeline to the Disable-ADOptionalFeature cmdlet. </maml:para><maml:para>The Scope parameter specifies the scope at which the optional feature is disabled. Possible values for this parameter are Domain and Forest. </maml:para><maml:para>The Target parameter specifies the domain or forest on which the optional feature is disabled. You can identify the domain or forest by its fully-qualified domain name (FQDN), NetBIOS name, or the distinguished name (DN) of the domain naming context (domain NC). </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-ADOptionalFeature</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory optional feature object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Fully qualified domain name -- Feature GUID (featureGUID) -- Object GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeature</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope at which the feature is enabled or disabled. The acceptable values for this parameter are: -- Domain or 0 -- Forest or 1 </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Unknown</command:parameterValue><command:parameterValue required="true" variableLength="false">ForestOrConfigurationSet</command:parameterValue><command:parameterValue required="true" variableLength="false">Domain</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>Target</maml:name><maml:description><maml:para>Specifies the domain or forest in which to modify the optional feature. You can identify the target domain or forest by providing one of the following values: </maml:para><maml:para>-- Fully-qualified domain name of the forest or domain -- NetBIOS name of the forest or domain -- Distinguished Name of the domain naming context (domain NC) </maml:para><maml:para></maml:para><maml:para>The following example shows how to set this parameter to a domain NC. </maml:para><maml:para>-Target "DC=corp,DC=Fabrikam,DC=com" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADEntity</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory optional feature object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Fully qualified domain name -- Feature GUID (featureGUID) -- Object GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeature</command:parameterValue><dev:type><maml:name>ADOptionalFeature</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope at which the feature is enabled or disabled. The acceptable values for this parameter are: -- Domain or 0 -- Forest or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeatureScope</command:parameterValue><dev:type><maml:name>ADOptionalFeatureScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>Target</maml:name><maml:description><maml:para>Specifies the domain or forest in which to modify the optional feature. You can identify the target domain or forest by providing one of the following values: </maml:para><maml:para>-- Fully-qualified domain name of the forest or domain -- NetBIOS name of the forest or domain -- Distinguished Name of the domain naming context (domain NC) </maml:para><maml:para></maml:para><maml:para>The following example shows how to set this parameter to a domain NC. </maml:para><maml:para>-Target "DC=corp,DC=Fabrikam,DC=com" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADEntity</command:parameterValue><dev:type><maml:name>ADEntity</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADOptionalFeature</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An optional feature object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Disable-ADOptionalFeature -Identity 'Feature 1' -Scope ForestOrConfigurationSet -Target 'fabrikam' -Server DC1 </dev:code><dev:remarks><maml:para>This command disables the optional feature, named Feature 1, for the forest that has the NetBIOS name fabrikam. This operation should be performed against the DC that holds the naming master FSMO role. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Disable-ADOptionalFeature -Identity 'CN=Feature 1,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=fabrikam,DC=com' -Scope ForestOrConfigurationSet -Target 'fabrikam.com' -Server DC1 </dev:code><dev:remarks><maml:para>This command disables the optional feature, dn 'CN=Feature 1,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=fabrikam,DC=com, for the forest, named fabrikam.com. This operation should be performed against the DC that holds the naming master FSMO role. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Disable-ADOptionaFeature -Identity '54ec6e43-75a8-445b-aa7b-346a1e096659' -Scope Domain -Target 'DC=fabrikam,DC=com' -Server DC1 </dev:code><dev:remarks><maml:para>This command disables the optional feature that has the GUID 54ec6e43-75a8-445b-aa7b-346a1e096659 for the domain, dn DC=ntdev,DC=fabrikam,DC=com'. This operation should be performed against the DC that holds the naming master FSMO role. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Disable-ADOptionalFeature -Identity 'Feature 1' -Scope ForestOrConfigurationSet -Target 'CN=Configuration,CN={0241853A-6BBF-48AA-8AE0-9C35D0C91B7B}' -Server server1:50000 </dev:code><dev:remarks><maml:para>This command disables the optional feature, Feature 1, for the AD LDS instance, dn 'CN=Configuration,CN={0241853A-6BBF-48AA-8AE0-9C35D0C91B7B}'. This operation should be performed against the AD LDS instance that holds the naming master FSMO role. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291012</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-ADOptionalFeature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADOptionalFeature</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Enable-ADAccount</command:name><maml:description><maml:para>Enables an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>ADAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Enable-ADAccount cmdlet enables an Active Directory user, computer or service account. </maml:para><maml:para>The Identity parameter specifies the Active Directory user, computer or service account that you want to enable. You can identify an account by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localADAccountObject>, or you can pass an account object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser cmdlet to retrieve an account object and then pass the object through the pipeline to the Enable-ADAccount cmdlet. Similarly, you can use Get-ADComputer and Search-ADAccount to retrieve account objects. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-ADAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter.</maml:para><maml:para>Derived types, such as the following, are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None </maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Enable-ADAccount -Identity KimAb </dev:code><dev:remarks><maml:para>This command enables the account with SamAccountName KimAb.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Enable-ADAccount -Identity "CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command enables the account with DistinguishedName CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" | Enable-ADAccount </dev:code><dev:remarks><maml:para>This command enables all accounts in the OU: OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291013</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAccountAuthorizationGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountControl</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountPassword</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Enable-ADOptionalFeature</command:name><maml:description><maml:para>Enables an Active Directory optional feature.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>ADOptionalFeature</command:noun><dev:version /></command:details><maml:description><maml:para>The Enable-ADOptionalFeature cmdlet enables an Active Directory optional feature that is associated with a particular Domain mode or Forest mode. Active Directory optional features that depend on a specified domain mode or Forest mode must be explicitly enabled after the domain mode or forest mode is set. </maml:para><maml:para>The Identity parameter specifies the Active Directory optional feature that you want to enable. You can identify an optional feature by its distinguished name (DN), feature GUID, or object GUID. You can also set the parameter to an optional feature object variable, such as $<localOptionalFeatureObject> or you can pass an optional feature object through the pipeline to the Identity parameter. For example, you can use the Get-ADOptionalFeature cmdlet to retrieve an optional feature object and then pass the object through the pipeline to the Enable-ADOptionalFeature cmdlet. </maml:para><maml:para>The Scope parameter specifies the scope at which the optional feature will be enabled. The acceptable values for this parameter are: Domain and Forest.</maml:para><maml:para>The Target parameter specifies the domain or forest on which the optional feature will be enabled. You can identify the domain or forest by its fully-qualified domain name (FQDN), NetBIOS name, or distinguished name (DN) of the domain naming context (domain NC). </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-ADOptionalFeature</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory optional feature object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A full qualified domain name -- A feature GUID (featureGUID) -- An object GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeature</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope at which the feature is enabled or disabled. The acceptable values for this parameter are: -- Domain or 0 -- Forest or 1 </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Unknown</command:parameterValue><command:parameterValue required="true" variableLength="false">ForestOrConfigurationSet</command:parameterValue><command:parameterValue required="true" variableLength="false">Domain</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>Target</maml:name><maml:description><maml:para>Specifies the domain or forest in which to modify the optional feature. You can identify the target domain or forest by providing one of the following values: -- Fully-qualified domain name of the forest or domain -- NetBIOS name of the forest or domain You can also, where Scope is set to domain (not forest), use the following: -- Distinguished name (DN) of the domain naming context (domain NC)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADEntity</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory optional feature object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A full qualified domain name -- A feature GUID (featureGUID) -- An object GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeature</command:parameterValue><dev:type><maml:name>ADOptionalFeature</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope at which the feature is enabled or disabled. The acceptable values for this parameter are: -- Domain or 0 -- Forest or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeatureScope</command:parameterValue><dev:type><maml:name>ADOptionalFeatureScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>Target</maml:name><maml:description><maml:para>Specifies the domain or forest in which to modify the optional feature. You can identify the target domain or forest by providing one of the following values: -- Fully-qualified domain name of the forest or domain -- NetBIOS name of the forest or domain You can also, where Scope is set to domain (not forest), use the following: -- Distinguished name (DN) of the domain naming context (domain NC)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADEntity</command:parameterValue><dev:type><maml:name>ADEntity</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADOptionalFeature</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An optional feature object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>Recycle Bin Feature: Once the Active Directory Recycle Bin is enabled, all objects deleted before the Active Directory Recycle Bin was enabled (tombstone objects) become recycled objects. They are no longer visible in the Deleted Objects container and they cannot be recovered using Active Directory Recycle Bin. The only way to restore these objects is though an authoritative restore from an AD DS backup taken before the Active Directory Recycle Bin was enabled. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'fabrikam.com' -Server dc1 </dev:code><dev:remarks><maml:para>This command enables the optional feature Recycle Bin Feature for the forest fabrikam.com. This operation must be performed on the Domain Controller that holds the naming master FSMO role. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Enable-ADOptionalFeature -Identity 'Feature 1' -Scope ForestOrConfigurationSet -Target 'CN=Configuration,CN={0241853A-6BBF-48AA-8AE0-9C35D0C91B7B}' -Server lds.fabrikam.com:50000 </dev:code><dev:remarks><maml:para>This command enables the optional feature Recycle Bin Feature for the AD LDS instance lds.fabrikam.com. This operation must be performed on the AD LDS instance that holds the naming master FSMO role. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADObject -Identity "CN=Partitions,CN=Configuration,CN={4F971828-5BE4-4E94-B532-58F2BFB6A3A5}" -Replace @{"msDS-Behavior-Version"=4} </dev:code><dev:remarks><maml:para>This command sets the ForestMode (Forest Functional Level) to Windows2008R2Forest on an AD LDS instance. The ForestMode must be Windows2008R2Forest or higher in order to enable the Recycle Bin Feature for AD LDS. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291014</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-ADOptionalFeature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADOptionalFeature</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADAccountAuthorizationGroup</command:name><maml:description><maml:para>Gets the accounts token group information.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADAccountAuthorizationGroup</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADAccountAuthorizationGroup cmdlet gets the security groups from the specified user, computer or service accounts token. This cmdlet requires a global catalog to perform the group search. If the forest that contains the account does not have a global catalog, the cmdlet returns a non-terminating error.</maml:para><maml:para>The Identity parameter specifies the user, computer, or service account. You can identify a user, computer, or service account object by its distinguished name (DN), GUID, security identifier (SID), Security Account Manager (SAM) account name or user principal name. You can also set the Identity parameter to an account object variable, such as $<localAccountobject>, or pass an account object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser, Get-ADComputer, Get-ADServiceAccount or Search-ADAccount cmdlets to retrieve an account object and then pass the object through the pipeline to the Get-ADAccountAuthorizationGroup cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADAccountAuthorizationGroup</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object that represents the user, computer or service account is received by the Identity parameter. Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns group objects that represent the security groups for the account. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAccountAuthorizationGroup -Identity GlenJohn GroupScope : DomainLocal objectGUID : 00000000-0000-0000-0000-000000000000 GroupCategory : Security SamAccountName : Everyone name : Everyone objectClass : SID : S-1-1-0 distinguishedName : GroupScope : DomainLocal objectGUID : 00000000-0000-0000-0000-000000000000 GroupCategory : Security SamAccountName : Authenticated Users name : Authenticated Users objectClass : SID : S-1-5-11 distinguishedName : GroupScope : Global objectGUID : 86c0f0d5-8b4d-4f35-a867-85a006b92902 GroupCategory : Security SamAccountName : Domain Users name : Domain Users objectClass : group SID : S-1-5-21-41432690-3719764436-1984117282-513 distinguishedName : CN=Domain Users,CN=Users,DC=Fabrikam,DC=com GroupScope : DomainLocal objectGUID : 869fb7ad-8cf2-4dd0-ac0f-4bd3bf324669 GroupCategory : Security SamAccountName : Pre-Windows 2000 Compatible Access name : Pre-Windows 2000 Compatible Access objectClass : group SID : S-1-5-32-554 distinguishedName : CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=Fabrikam,DC=com GroupScope : DomainLocal objectGUID : c1e397c5-1e44-4270-94d1-88d6c4b78ee6 GroupCategory : Security SamAccountName : Users name : Users objectClass : group SID : S-1-5-32-545 distinguishedName : CN=Users,CN=Builtin,DC=Fabrikam,DC=com </dev:code><dev:remarks><maml:para>This command returns all security groups for the specified account with SamAccountName GlenJohn. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAccountAuthorizationGroup -Identity "cn=GlenJohn,dc=AppNC" -Server <Server>:50000 distinguishedName : CN=AdminGroup,DC=AppNC GroupCategory : Security GroupScope : Global name : AdminGroup objectClass : group objectGUID : 4d72873f-fe09-4834-9ada-a905636d10df SamAccountName : SID : S-1-510474493-936115905-4021890855-1253703389-3958791574-3542197427 </dev:code><dev:remarks><maml:para>This command returns all security groups for the specified account with DistinguishedName cn=GlenJohn,dc=AppNC in the AD LDS instance <Server>:50000.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAccountAuthorizationGroup -Server <Server>:50000 -Identity Administrator | where { $_.objectClass -ne $null } | ft name, objectClass name objectClass ---- ----------- Domain Users group Administrators group Users group Pre-Windows 2000 Compatible Access group Group Policy Creator Owners group Domain Admins group Enterprise Admins group Schema Admins group Denied RODC Password Replication Group group </dev:code><dev:remarks><maml:para>This command returns a filtered list of built-in security groups which do not have an empty or null setting for objectclass, such as Everyone or Authenticated Users. Note: This type of filtering of groups in output can be useful when piping the output of this cmdlet to be used as input to other Active Directory cmdlets.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291015</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADAccountResultantPasswordReplicationPolicy</command:name><maml:description><maml:para>Gets the resultant password replication policy for an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADAccountResultantPasswordReplicationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADAccountResultantPasswordReplicationPolicy cmdlet gets the resultant password replication policy for a user, computer or service account on the specified read-only domain controller.</maml:para><maml:para>The policy will be one of the following values: -- Allow or 1 -- DenyExplicit or 0 -- DenyImplicit or 2 -- Unknown or -1</maml:para><maml:para>The Identity parameter specifies the account. You can identify a user, computer, or service account object by its distinguished name (DN), GUID, security identifier (SID) or Security Account Manager (SAM) account name. You can also set the Identity parameter to an account object variable, such as $<localAccountobject>, or pass an account object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser, Get-ADComputer, Get-ADServiceAccount, or Search-ADAccount cmdlets to retrieve an account object and then pass the object through the pipeline to the Get-ADAccountResultantPasswordReplicationPolicy cmdlet. </maml:para><maml:para>The DomainController parameter specifies the read-only domain controller. You can identify a domain controller by its IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN, SamAccountName, GUID, SID of the computer object that represents the domain controller. You can also set the DomainController parameter to a domain controller object variable, such as $<localDomainControllerObject>.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADAccountResultantPasswordReplicationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>DomainController</maml:name><maml:description><maml:para>Specifies a read-only domain controller (RODC). The cmdlet returns the password replication policy of the account for this RODC. You can identify the domain controller by providing one of the following values: -- GUID (objectGUID) -- IPV4Address -- Global IPV6Address -- DNS Host Name (dNSHostName) -- Name of the server object -- Distinguished Name (DN) of the NTDS Settings object -- Distinguished Name (DN) of the server object that represents the domain controller -- GUID of NTDS settings object under the configuration partition -- GUID of server object under the configuration partition -- Distinguished Name of the computer object that represents the domain controller</maml:para><maml:para>Note: The identifier in parentheses is the LDAP display name for the attribute.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Servicesinstance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>DomainController</maml:name><maml:description><maml:para>Specifies a read-only domain controller (RODC). The cmdlet returns the password replication policy of the account for this RODC. You can identify the domain controller by providing one of the following values: -- GUID (objectGUID) -- IPV4Address -- Global IPV6Address -- DNS Host Name (dNSHostName) -- Name of the server object -- Distinguished Name (DN) of the NTDS Settings object -- Distinguished Name (DN) of the server object that represents the domain controller -- GUID of NTDS settings object under the configuration partition -- GUID of server object under the configuration partition -- Distinguished Name of the computer object that represents the domain controller</maml:para><maml:para>Note: The identifier in parentheses is the LDAP display name for the attribute.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue><dev:type><maml:name>ADDomainController</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Servicesinstance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADResultantPasswordReplicationPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns an ADResultantPasswordReplicationPolicy enum value that represents the resultant password replication policy for an account on the specified domain controller. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAccountResultantPasswordReplicationPolicy -Identity BradSu -DomainController "FABRIKAM-RODC1" </dev:code><dev:remarks><maml:para>This command gets the resultant password replication policy on the domain specified by the DomainController parameter for the user account specified by the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAccountResultantPasswordReplicationPolicy -Identity "CN=Jordao Moreno,OU=Europe,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM" -DomainController "FABRIKAM-RODC1" </dev:code><dev:remarks><maml:para>This command gets the resultant password replication policy on the domain controller specified by the DomainController parameter for the user account distinguisted name specified by the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291016</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADAuthenticationPolicy</command:name><maml:description><maml:para>Gets one or more Active Directory Domain Services authentication policies.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADAuthenticationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADAuthenticationPolicy cmdlet gets an authentication policy or performs a search to get authentication policies. </maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy to get. You can identify an authentication policy by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter.</maml:para><maml:para>You can search for and use multiple authentication policies by specifying the Filter parameter or the LDAPFilter parameter. The Filter parameter uses the Windows PowerShell® expression language to write query strings for Active Directory Domain Services. Windows PowerShell expression language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADAuthenticationPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. The default value is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to get all of the objects, set this parameter to $Null. You can use Ctrl+C to stop the query and the return of objects. </maml:para><maml:para>The default value is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory Domain Services objects. This string uses the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax provides rich type-conversion support for value types received by the Filter parameter. </maml:para><maml:para>Specify the Filter parameter in one of the following formats: -- To match a single filter element: {Attributeoperator "value"} -- To match multiple filter elements: {(Attribute1operator1 "value1") joinOperator (Attribute2operator2 "value2")}</maml:para><maml:para>Windows PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax.</maml:para><maml:para>Valid filter operators are: -eq, -le, -ge, -ne, -lt, -gt, -approx, -bor, -band, -recursivematch, -like, -notlike </maml:para><maml:para>Valid join operators are: -and, -or </maml:para><maml:para>The not operator is -not </maml:para><maml:para>For a list of supported types for values, see about_ActiveDirectory_ObjectModel. For more information about the Filter parameter, see about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADAuthenticationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADAuthenticationPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. The default value is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to get all of the objects, set this parameter to $Null. You can use Ctrl+C to stop the query and the return of objects. </maml:para><maml:para>The default value is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string used to filter Active Directory Domain Services objects. Use this parameter to run your existing LDAP queries. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory Domain Services objects. This string uses the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax provides rich type-conversion support for value types received by the Filter parameter. </maml:para><maml:para>Specify the Filter parameter in one of the following formats: -- To match a single filter element: {Attributeoperator "value"} -- To match multiple filter elements: {(Attribute1operator1 "value1") joinOperator (Attribute2operator2 "value2")}</maml:para><maml:para>Windows PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax.</maml:para><maml:para>Valid filter operators are: -eq, -le, -ge, -ne, -lt, -gt, -approx, -bor, -band, -recursivematch, -like, -notlike </maml:para><maml:para>Valid join operators are: -and, -or </maml:para><maml:para>The not operator is -not </maml:para><maml:para>For a list of supported types for values, see about_ActiveDirectory_ObjectModel. For more information about the Filter parameter, see about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string used to filter Active Directory Domain Services objects. Use this parameter to run your existing LDAP queries. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. The default value is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to get all of the objects, set this parameter to $Null. You can use Ctrl+C to stop the query and the return of objects. </maml:para><maml:para>The default value is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an authentication policy object.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more authentication policy objects. This cmdlet returns a default set of ADAuthenticationPolicy property values. To retrieve additional ADAuthenticationPolicy properties, use the Properties parameter.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Get an authentication policy</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -Identity AuthenticationPolicy01 </dev:code><dev:remarks><maml:para>This command gets an authentication policy object by specifying the object name. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Get an authentication policy by using an LDAP filter</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -LDAPFilter "(name=AuthenticationPolicy*)" -Server Server01.Contoso.com </dev:code><dev:remarks><maml:para>This command gets all authentication policies that match the LDAP filter specified by the LDAPFilter parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Get an authentication policy by using a filter</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -Filter "Name -like 'AuthenticationPolicy*'" -Server Server02.Contoso.com </dev:code><dev:remarks><maml:para>This command gets all authentication policies that match the filter specified by the Filter parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 4: Get all authentication policy objects that match a filter</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -Filter * | Format-Table Name, Enforce -AutoSize Name Enforce ---- ------- AuthenticationPolicy1 False AuthenticationPolicy2 False </dev:code><dev:remarks><maml:para>This command gets all the authentication policies available. The output is then passed to the Format-Table cmdlet to display the name of the policy and the value for Enforce on each policy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 5: Get all properties for an authentication policy </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -Identity "AuthenticationPolicy01" -Properties "*" </dev:code><dev:remarks><maml:para>This command gets all properties of the authentication policy specified by the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=288129</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADAuthenticationPolicySilo</command:name><maml:description><maml:para>Gets one or more Active Directory Domain Services authentication policy silos.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADAuthenticationPolicySilo</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADAuthenticationPolicySilo cmdlet gets an authentication policy silo or performs a search to get authentication policy silos. </maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy silo to get. You can identify an authentication policy silo by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy silo object, or you can use the pipeline operator to pass an authentication policy silo object to the Identity parameter.</maml:para><maml:para>You can search for and use multiple authentication policies by specifying the Filter parameter or the LDAPFilter parameter. The Filter parameter uses the Windows PowerShell® expression language to write query strings for Active Directory Domain Services. Windows PowerShell expression language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADAuthenticationPolicySilo</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. The default value is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to get all of the objects, set this parameter to $Null. You can use Ctrl+C to stop the query and the return of objects. </maml:para><maml:para>The default value is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory Domain Services objects. This string uses the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax provides rich type-conversion support for value types received by the Filter parameter. </maml:para><maml:para>Specify the Filter parameter in one of the following formats: -- To match a single filter element: {Attributeoperator "value"} -- To match multiple filter elements: {(Attribute1operator1 "value1") joinOperator (Attribute2operator2 "value2")}</maml:para><maml:para>Windows PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax.</maml:para><maml:para>Valid filter operators are: -eq, -le, -ge, -ne, -lt, -gt, -approx, -bor, -band, -recursivematch, -like, -notlike </maml:para><maml:para>Valid join operators are: -and, -or </maml:para><maml:para>The not operator is -not </maml:para><maml:para>For a list of supported types for values, type Get-Help about_ActiveDirectory_ObjectModel. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADAuthenticationPolicySilo</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- A Distinguished Name -- A GUID -- A Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADAuthenticationPolicySilo</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. The default value is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to get all of the objects, set this parameter to $Null. You can use Ctrl+C to stop the query and the return of objects. </maml:para><maml:para>The default value is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string used to filter Active Directory Domain Services objects. Use this parameter to run your existing LDAP queries. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory Domain Services objects. This string uses the Windows PowerShell expression language syntax. The Windows PowerShell expression language syntax provides rich type-conversion support for value types received by the Filter parameter. </maml:para><maml:para>Specify the Filter parameter in one of the following formats: -- To match a single filter element: {Attributeoperator "value"} -- To match multiple filter elements: {(Attribute1operator1 "value1") joinOperator (Attribute2operator2 "value2")}</maml:para><maml:para>Windows PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax.</maml:para><maml:para>Valid filter operators are: -eq, -le, -ge, -ne, -lt, -gt, -approx, -bor, -band, -recursivematch, -like, -notlike </maml:para><maml:para>Valid join operators are: -and, -or </maml:para><maml:para>The not operator is -not </maml:para><maml:para>For a list of supported types for values, type Get-Help about_ActiveDirectory_ObjectModel. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- A Distinguished Name -- A GUID -- A Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string used to filter Active Directory Domain Services objects. Use this parameter to run your existing LDAP queries. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to get from the server. Use this parameter to get properties that are not included in the default set. </maml:para><maml:para>Specify the properties to get as a comma separated list of names. For properties that are not default or extended properties, you must specify the LDAP display name of the property. To display all of the properties that are set on the object, specify an asterisk wildcard.</maml:para><maml:para>To get properties for an object and display them, you can use this cmdlet and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet by using the pipeline operator. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. The default value is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to get all of the objects, set this parameter to $Null. You can use Ctrl+C to stop the query and the return of objects. </maml:para><maml:para>The default value is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an authentication policy silo object. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more authentication policy silo objects. This cmdlet returns a default set of ADAuthenticationPolicySilo property values. To retrieve additional ADAuthenticationPolicySilo properties, use the Properties parameter.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Get an authentication policy silo object</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo01 </dev:code><dev:remarks><maml:para>This command gets an authentication policy silo object named AuthenticationPolicySilo01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Get all authentication policy silo objects that match a filter</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAuthenticationPolicySilo -Filter 'Name -like "*AuthenticationPolicySilo*"' | Format-Table Name, Enforce -AutoSize Name Enforce ---- ------- silo True silos False </dev:code><dev:remarks><maml:para>This command gets all the authentication policy silos that match the filter specified by the Filter parameter. The output is then passed to the Format-Table cmdlet to display the name of the policy and the value for Enforce on each policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Get all properties of a specific authentication policy silo</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo02 -Properties * </dev:code><dev:remarks><maml:para>This command gets all properties for the authentication policy silo named AuthenticationPolicySilo02.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=288159</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADCentralAccessPolicy</command:name><maml:description><maml:para>Retrieves central access policies from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADCentralAccessPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADCentralAccessPolicy cmdlet retrieves central access policies from Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADCentralAccessPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADCentralAccessPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADCentralAccessPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADCentralAccessPolicy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more ADCentralAccessPolicy objects.</maml:para><maml:para>The Get-ADCentralAccessPolicy cmdlet returns a default set of ADCentralAccessPolicy property values. To retrieve additional ADCentralAccessPolicy properties, use the Properties parameter of the cmdlet.</maml:para><maml:para>To view the properties for an ADCentralAccessPolicy object, see the following examples. To run these examples, replace <object> with an Active Directory object identifier.</maml:para><maml:para>To get a list of the default set of properties of an ADCentralAccessPolicy object, use the following command: </maml:para><maml:para>Get-ADCentralAccessPolicy<object></maml:para><maml:para>To get a list of all the properties of an ADCentralAccessPolicy object, use the following command: </maml:para><maml:para>Get-ADCentralAccessPolicy<object>-Properties *</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Filter * </dev:code><dev:remarks><maml:para>This command retrieves a list of all central access policies. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Filter {Members -eq 'Finance Documents Rule'} </dev:code><dev:remarks><maml:para>This command gets the central access policies that have the central access rule Finance Documents Rule as its members. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Identity "Finance Policy" </dev:code><dev:remarks><maml:para>This command gets information for a central access policy named Finance Policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291017</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADCentralAccessRule</command:name><maml:description><maml:para>Retrieves central access rules from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADCentralAccessRule</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADCentralAccessRule cmdlet retrieves central access rules from Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADCentralAccessRule</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADCentralAccessRule</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADCentralAccessRule</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue><dev:type><maml:name>ADCentralAccessRule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADCentralAccessPolicyEntry object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADCentralAccessRule</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more ADCentralAccessRule objects.</maml:para><maml:para>The Get-ADCentralAccessRule cmdlet returns a default set of ADCentralAccessRule property values. To retrieve additional ADCentralAccessRule properties, use the Properties parameter of the cmdlet.</maml:para><maml:para>To view the properties for an ADCentralAccessRule object, see the following examples. To run these examples, replace <object> with an Active Directory object identifier. </maml:para><maml:para>To get a list of the default set of properties of an ADCentralAccessRule object, use the following command:</maml:para><maml:para>Get-ADCentralAccessRule<object></maml:para><maml:para>To get a list of all the properties of an ADCentralAccessRule object, use the following command:</maml:para><maml:para>Get-ADCentralAccessRule<object>-Properties *</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessRule -Filter * </dev:code><dev:remarks><maml:para>This command retrieves a list of all central access rules.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessRule -Filter { ResourceCondition -like "*Department*" } </dev:code><dev:remarks><maml:para>This command retrieves the central access rules that have Department in its resource condition. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessRule -Identity "Financial Documents Rule" </dev:code><dev:remarks><maml:para>This command retrieves a central access rule named Finance Documents Rule.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291018</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADClaimTransformPolicy</command:name><maml:description><maml:para>Returns one or more Active Directory claim transform objects based on a specified filter.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADClaimTransformPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADClaimTransformPolicy cmdlet returns one or more Active Directory claim transform objects based on a specified filter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADClaimTransformPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADClaimTransformPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADClaimTransformPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue>All Sites (Filter *)</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A claim transform policy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimTransformPolicy -Filter * </dev:code><dev:remarks><maml:para>This command retrieves a list of all claims transformation policies.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$contoso = Get-ADTrust -Identity "corp.contoso.com" PS C:\> Get-ADClaimTransformPolicy -Filter {IncomingTrust -eq $contoso -or OutgoingTrust -eq $contoso} </dev:code><dev:remarks><maml:para>This example gets all the claims transformation policies that are applied to trusts made with corp.contoso.com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimTransformPolicy -Identity DenyAllPolicy </dev:code><dev:remarks><maml:para>This command gets the claims transformation policy with the name DenyAllPolicy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimTransformPolicy -LDAPFilter "(name=DenyAll*)" </dev:code><dev:remarks><maml:para>This command gets information on any claims transformation policies using an LDAP-based query filter that looks for matches where policies have a name that starts with the word DenyAll.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291019</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADClaimType</command:name><maml:description><maml:para>Returns a claim type from Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADClaimType</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADClaimType cmdlet returns a claim type defined in Active Drectory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADClaimType</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADClaimType</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimType -Filter * </dev:code><dev:remarks><maml:para>This command retrieves a list of all claim types. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimType -Filter {SourceAttribute -eq 'title'} </dev:code><dev:remarks><maml:para>This command gets all the claim types that are sourced from the attribute title.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimType -Identity "Employee Type" </dev:code><dev:remarks><maml:para>This command gets the claim type with display name Employee Type.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimType -Identity "Employee Type" -Properties * </dev:code><dev:remarks><maml:para>This command gets all properties of the claim type with display name Employee Type. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291020</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADComputer</command:name><maml:description><maml:para>Gets one or more Active Directory computers.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADComputer</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADComputer cmdlet gets a computer or performs a search to retrieve multiple computers.</maml:para><maml:para>The Identity parameter specifies the Active Directory computer to retrieve. You can identify a computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a computer object variable, such as $<localComputerObject> or pass a computer object through the pipeline to the Identity parameter.</maml:para><maml:para>To search for and retrieve more than one computer, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.</maml:para><maml:para>This cmdlet retrieves a default set of computer object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for computer objects, see the Properties parameter description.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADComputer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADComputer</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADComputer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Subtree</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more computer objects. </maml:para><maml:para>This Get-ADComputer cmdlet returns a default set of ADComputer property values. To retrieve additional ADComputer properties, use the Properties parameter of this cmdlet. </maml:para><maml:para>To view the properties for an ADComputer object, see the following examples. To run these examples, replace <computer> with a computer identifier such as the SAM account name of your local computer.</maml:para><maml:para>To get a list of the default set of properties of an ADComputer object, use the following command:</maml:para><maml:para>Get-ADComputer<computer>| Get-Member </maml:para><maml:para>To get a list of all the properties of an ADComputer object, use the following command:</maml:para><maml:para>Get-ADComputer<computer>-Properties ALL | Get-Member </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS with its default schema. By default AD LDS schema does not have a computer class, but if the schema is extended to include it, this cmdlet will work with LDS.</maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Identity "Fabrikam-SRV1" -Properties * AccountExpirationDate : accountExpires : 9223372036854775807 AccountLockoutTime : AccountNotDelegated : False AllowReversiblePasswordEncryption : False BadLogonCount : CannotChangePassword : False CanonicalName : Fabrikam.com/Computers/fabrikam-srv1 Certificates : {} CN : fabrikam-srv1 codePage : 0 countryCode : 0 Created : 3/16/2009 4:15:00 PM createTimeStamp : 3/16/2009 4:15:00 PM Deleted : Description : DisplayName : DistinguishedName : CN=fabrikam-srv1,CN=Computers,DC=Fabrikam, DC=com DNSHostName : DoesNotRequirePreAuth : False dSCorePropagationData : {3/16/2009 4:21:51 PM, 12/31/1600 4:00:01 PM} Enabled : True HomedirRequired : False HomePage : instanceType : 0 IPv4Address : IPv6Address : isCriticalSystemObject : False isDeleted : LastBadPasswordAttempt : LastKnownParent : LastLogonDate : localPolicyFlags : 0 Location : NA/HQ/Building A LockedOut : False ManagedBy : CN=SQL Administrator 01,OU=UserAccounts,OU =Managed,DC=Fabrikam,DC=com MemberOf : {} MNSLogonAccount : False Modified : 3/16/2009 4:23:01 PM modifyTimeStamp : 3/16/2009 4:23:01 PM msDS-User-Account-Control-Computed : 0 Name : fabrikam-srv1 nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySe curity ObjectCategory : CN=Computer,CN=Schema,CN=Configuration,DC= Fabrikam,DC=com ObjectClass : computer ObjectGUID : 828306a3-8ccd-410e-9537-e6616662c0b0 objectSid : S-1-5-21-41432690-3719764436-1984117282-11 30 OperatingSystem : OperatingSystemHotfix : OperatingSystemServicePack : OperatingSystemVersion : PasswordExpired : False PasswordLastSet : PasswordNeverExpires : False PasswordNotRequired : False PrimaryGroup : CN=Domain Computers,CN=Users,DC=Fabrikam,D C=com primaryGroupID : 515 ProtectedFromAccidentalDeletion : False pwdLastSet : 0 SamAccountName : fabrikam-srv1$ sAMAccountType : 805306369 sDRightsEffective : 0 ServiceAccount : {} servicePrincipalName : {MSOLAPSVC.3/FABRIKAM-SRV1.FABRIKAM.COM:an alyze, MSSQLSVC/FABRIKAM-SRV1.FABRIKAM.COM :1456} ServicePrincipalNames : {MSOLAPSVC.3/FABRIKAM-SRV1.FABRIKAM.COM:an alyze, MSSQLSVC/FABRIKAM-SRV1.FABRIKAM.COM :1456} SID : S-1-5-21-41432690-3719764436-1984117282-11 30 SIDHistory : {} TrustedForDelegation : False TrustedToAuthForDelegation : False UseDESKeyOnly : False userAccountControl : 4096 userCertificate : {} UserPrincipalName : uSNChanged : 36024 uSNCreated : 35966 whenChanged : 3/16/2009 4:23:01 PM whenCreated : 3/16/2009 4:15:00 PM </dev:code><dev:remarks><maml:para>This command gets a specific computer showing all the properties.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter 'Name -like "Fabrikam*"' -Properties IPv4Address | FT Name,DNSHostName,IPv4Address -A name dnshostname ipv4address ---- ----------- ----------- FABRIKAM-SRV1 FABRIKAM-SRV1.Fabrikam.com 10.194.99.181 FABRIKAM-SRV2 FABRIKAM-SRV2.Fabrikam.com 10.194.100.3 </dev:code><dev:remarks><maml:para>This command gets all the computers with a name starting by a particular string and showing the name, dns hostname and IPv4 address. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$d = [DateTime]::Today.AddDays(-90) PS C:\> Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | FT Name,PasswordLastSet Name PasswordLastSet ---- --------------- FABRIKAM-SRV4 3/12/2009 6:40:37 PM FABRIKAM-SRV5 3/12/2009 7:05:45 PM </dev:code><dev:remarks><maml:para>This example gets all the computers that have changed their password in the last 90 days.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=Fabrikam,DC=com" name ---- saradavi-laptop jeffpr-laptop </dev:code><dev:remarks><maml:para>This command gets the computer accounts in the location CN=Computers,DC=Fabrikam,DC=com that are listed as laptops by using an LDAPFilter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter * </dev:code><dev:remarks><maml:para>This command gets all computer accounts. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291021</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADComputer</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADComputerServiceAccount</command:name><maml:description><maml:para>Gets the service accounts hosted by a computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADComputerServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADComputerServiceAccount cmdlet gets all of the service accounts that are hosted by the specified computer. </maml:para><maml:para>The Computer parameter specifies the Active Directory computer that hosts the service accounts. You can identify a computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Computer parameter to a computer object variable, such as $<localComputerobject>, or pass a computer object through the pipeline to the Computer parameter. For example, you can use the Get-ADComputer cmdlet to retrieve a computer object and then pass the object through the pipeline to the Get-ADComputerServiceAccount cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADComputerServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object is received by the Computer parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more objects that represent the service accounts hosted by the specified computer. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputerServiceAccount -Identity ComputerAcct1 Enabled : True Name : SvcAcct1 UserPrincipalName : SamAccountName : SvcAcct1$ ObjectClass : msDS-ManagedServiceAccount SID : S-1-5-21-159507390-2980359153-3438059098-1104 ObjectGUID : 8d759d66-ef68-4360-aff6-ec3bb3425ac1 HostComputers : {CN=ComputerAcct1,CN=Computers,DC=contoso,DC=com} DistinguishedName : CN=SvcAcct1,CN=Managed Service Accounts,DC=contoso,DC=com </dev:code><dev:remarks><maml:para>This command gets the service accounts hosted on a computer account ComputerAcct1.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291022</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADDCCloningExcludedApplicationList</command:name><maml:description><maml:para>Returns the list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADDCCloningExcludedApplicationList</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADDCCloningExcludedApplicationList cmdlet searches the local domain controller for programs and services in the installed programs database, the services control manager that are not specified in the default and user defined inclusion list. The applications in the resulting list can be added to the user defined exclusion list if they are determined to support cloning. If the applications are not cloneable, they should be removed from the source domain controller before the clone media is created. Any application that appears in cmdlet output and is not included in the user defined inclusion list will force cloning to fail.</maml:para><maml:para>Once you have granted a source virtualized DC permissions to be cloned, the Get-ADDCCloningExcludedApplicationList cmdlet should be run a first time with no additional parameters on the source virtualized domain controller to identify all programs or services that are to be evaluated for cloning. Next, vet the returned list with your software vendors and remove any applications from the list that cannot be safely cloned. Finally, you can run the Get-ADDCCloningExcludedApplicationList cmdlet again using the GenerateXml parameter set to create the CustomDCCloneAllowList.xml file.</maml:para><maml:para>The Get-ADDCCloningExcludedApplicationList cmdlet needs to be run before the New-ADDCCloneConfigFile cmdlet is used because if the New-ADDCCloneConfigFile cmdlet detects an excluded application, it will not create a DCCloneConfig.xml file. For more information on virtual domain controller cloning, see the guidance on AD DS virtualization at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=208030</maml:linkText><maml:uri></maml:uri></maml:navigationLink> on TechNet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADDCCloningExcludedApplicationList</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces an overwrite of an existing CustomDCCloneAllowList.xml file if one is found to exist at the folder path specified in the Path parameter.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when creating the CustomDCCloneAllowList.xml file using the GenerateXml parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GenerateXml</maml:name><maml:description><maml:para>Indicates whether to create the CustomDCCloneAllowList.xml file and writes it in the location specified using the Path parameter.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces an overwrite of an existing CustomDCCloneAllowList.xml file if one is found to exist at the folder path specified in the Path parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GenerateXml</maml:name><maml:description><maml:para>Indicates whether to create the CustomDCCloneAllowList.xml file and writes it in the location specified using the Path parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when creating the CustomDCCloneAllowList.xml file using the GenerateXml parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>ADEntity </maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDCCloningExcludedApplicationList </dev:code><dev:remarks><maml:para>This command displays the excluded application list to the console. If there is already a CustomDCCloneAllowList.xml file, this cmdlet displays the delta of that list compared to the operating system, which may be nothing if the lists match. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDCCloningExcludedApplicationList -GenerateXml -Path C:\Windows\NTDS -Force </dev:code><dev:remarks><maml:para>This command generates the excluded application list as a file named CustomDCCloneAllowList.xml at the specified folder path, C:\Windows\NTDS, and forces overwrite if a file by that name is found to already exist at that path location. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291023</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADDefaultDomainPasswordPolicy</command:name><maml:description><maml:para>Gets the default password policy for an Active Directory domain.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADDefaultDomainPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADDefaultDomainPasswordPolicy cmdlet gets the default password policy for a domain. </maml:para><maml:para>The Identity parameter specifies the Active Directory domain. You can identify a domain by its Distinguished Name (DN), GUID, Security Identifier (SID), DNS domain name, or NETBIOS name. You can also set the parameter to a domain object variable, such as $<localDomainObject> or pass a domain object through the pipeline to the Identity parameter. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADDefaultDomainPasswordPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Current</maml:name><maml:description><maml:para>Specifies whether to return the domain of the local computer or the current logged on user (CLU). The acceptable values for this parameter are: -- LocalComputer or 0 -- LoggedOnUser or 1</maml:para><maml:para> </maml:para><maml:para> </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">LocalComputer</command:parameterValue><command:parameterValue required="true" variableLength="false">LoggedOnUser</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADDefaultDomainPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDefaultDomainPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Current</maml:name><maml:description><maml:para>Specifies whether to return the domain of the local computer or the current logged on user (CLU). The acceptable values for this parameter are: -- LocalComputer or 0 -- LoggedOnUser or 1</maml:para><maml:para> </maml:para><maml:para> </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCurrentDomainType</command:parameterValue><dev:type><maml:name>ADCurrentDomainType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDefaultDomainPasswordPolicy</command:parameterValue><dev:type><maml:name>ADDefaultDomainPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDefaultDomainPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the default domain password policy object for the specified domain.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter.</maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser </dev:code><dev:remarks><maml:para>This command gets the default domain password policy from current logged on user domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDefaultDomainPasswordPolicy -Current LocalComputer </dev:code><dev:remarks><maml:para>This command gets the default domain password policy from current local computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDefaultDomainPasswordPolicy -Identity fabrikam.com </dev:code><dev:remarks><maml:para>This command gets the default domain password policy from the domain specified by the Site parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>(Get-ADForest -Current LoggedOnUser).Domains | %{ Get-ADDefaultDomainPasswordPolicy -Identity $_ } </dev:code><dev:remarks><maml:para>This command gets the default domain password policy objects from all the domains in the forest.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDefaultDomainPasswordPolicy </dev:code><dev:remarks><maml:para>This command gets the default domain password policy from current logged on user domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291024</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomain</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADDomain</command:name><maml:description><maml:para>Gets an Active Directory domain.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADDomain</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADDomain cmdlet gets the Active Directory domain specified by the parameters. You can specify the domain by setting the Identity or Current parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory domain to get. You can identify the domain object to get by its Distinguished Name (DN), GUID, Security Identifier (SID), DNS domain name, or NetBIOS name. You can also set the parameter to a domain object variable, such as $<localDomainObject> or pass a domain object through the pipeline to the Identity parameter. </maml:para><maml:para>To get the domain of the local computer or current logged on user (CLU) set the Current parameter to LocalComputer or LoggedOnUser. When you set the Current parameter, you do not need to set the Identity parameter. </maml:para><maml:para>When the Current parameter is set to LocalComputer or LoggedOnUser, the cmdlet uses the Server and Credential parameters according to the following rules. </maml:para><maml:para>- If both the Server and Credential parameters are not specified: </maml:para><maml:para>-- The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. The credentials of the current logged on user are used to get the domain. </maml:para><maml:para>- If the Server parameter is specified and the Credential parameter is not specified: </maml:para><maml:para>-- The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. Then the credentials of the current logged on user are used to get the domain. An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. </maml:para><maml:para>- If the Server parameter is not specified and the Credential parameter is specified: </maml:para><maml:para>-- The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. Then the credentials specified by the Credential parameter are used to get the domain. </maml:para><maml:para>- If the Server and Credential parameters are specified: </maml:para><maml:para>-- The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. Then the credentials specified by the Credential parameter are used to get the domain. An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADDomain</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Current</maml:name><maml:description><maml:para>Specifies whether to return the domain of the local computer or the current logged on user (CLU). The acceptable values for this parameter are: -- LocalComputer or 0 -- LoggedOnUser or 1 </maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">LocalComputer</command:parameterValue><command:parameterValue required="true" variableLength="false">LoggedOnUser</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADDomain</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Current</maml:name><maml:description><maml:para>Specifies whether to return the domain of the local computer or the current logged on user (CLU). The acceptable values for this parameter are: -- LocalComputer or 0 -- LoggedOnUser or 1 </maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCurrentDomainType</command:parameterValue><dev:type><maml:name>ADCurrentDomainType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue><dev:type><maml:name>ADDomain</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more domain objects. </maml:para><maml:para>The cmdlet returns all of the properties of the domain. To view all of the properties for an ADDomain object, use the following command and replace <domain> with a domain controller identifier such as a DNS host name. </maml:para><maml:para>Get-ADDomain<domain>| Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomain -Identity fabrikam.com </dev:code><dev:remarks><maml:para>This command gets the domain information for the domain fabrikam.com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomain -Current LocalComputer </dev:code><dev:remarks><maml:para>This command gets the domain information of the current local computer domain. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomain -Current LoggedOnUser </dev:code><dev:remarks><maml:para>This command gets the domain information for the domain of the currently logged on user. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomain AllowedDNSSuffixes : {} ChildDomains : {} ComputersContainer : CN=Computers,DC=Fabrikam,DC=com DeletedObjectsContainer : CN=Deleted Objects,DC=Fabrikam,DC=com DistinguishedName : DC=Fabrikam,DC=com DNSRoot : Fabrikam.com DomainControllersContainer : OU=Domain Controllers,DC=Fabrikam,DC=com DomainMode : Windows2003Domain DomainSID : S-1-5-21-41432690-3719764436-1984117282 ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=Fabrikam,DC=com Forest : Fabrikam.com InfrastructureMaster : Fabrikam-DC1.Fabrikam.com LastLogonReplicationInterval : LinkedGroupPolicyObjects : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Fabrikam,DC=com} LostAndFoundContainer : CN=LostAndFound,DC=Fabrikam,DC=com ManagedBy : Name : Fabrikam NetBIOSName : FABRIKAM ObjectClass : domainDNS ObjectGUID : b63b4f44-58b9-49cf-8911-b36e8575d5eb ParentDomain : PDCEmulator : Fabrikam-DC1.Fabrikam.com QuotasContainer : CN=NTDS Quotas,DC=Fabrikam,DC=com ReadOnlyReplicaDirectoryServers : {CSD2722780.Fabrikam.com} ReplicaDirectoryServers : {Fabrikam-DC1.Fabrikam.com} RIDMaster : Fabrikam-DC1.Fabrikam.com SubordinateReferences : {DC=ForestDnsZones,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com, CN=Co nfiguration,DC=Fabrikam,DC=com} SystemsContainer : CN=System,DC=Fabrikam,DC=com UsersContainer : CN=Users,DC=Fabrikam,DC=com </dev:code><dev:remarks><maml:para>This command gets the domain information for the domain of the currently logged on user. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291025</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADDomain</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADDomainMode</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADDomainController</command:name><maml:description><maml:para>Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADDomainController</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADDomainController cmdlet gets the domain controllers specified by the parameters. You can get domain controllers by setting the Identity, Filter or Discover parameters. </maml:para><maml:para>The Identity parameter specifies the domain controller to get. You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN of the computer object that represents the domain controller. You can also set the Identity parameter to a domain controller object variable, such as $<localDomainControllerObject>, or pass a domain controller object through the pipeline to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one domain controller, use the Filter parameter. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. You cannot use an LDAP query string with this cmdlet. </maml:para><maml:para>To get a domain controller by using the discovery mechanism of DCLocator, use the Discover parameter. You can provide search criteria by setting parameters such as Service, SiteName, DomainName, NextClosestSite, AvoidSelf, and ForceDiscover. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADDomainController</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. Unless specified otherwise, these values are for the server object that represents the domain controller. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- The name of the server object -- The Distinguished Name of the NTDS Settings object -- The Distinguished Name of the server object that represents the domain controller -- The GUID of NTDS settings object under the configuration partition -- The GUID of server object under the configuration partition -- The Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADDomainController</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AvoidSelf</maml:name><maml:description><maml:para>Specifies to not return the current computer as a domain controller. If the current computer is not a domain controller, this parameter is ignored. You can specify this parameter when you want to get the name of another domain controller in the domain. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DomainName</maml:name><maml:description><maml:para>Specifies the domain to search. The cmdlet locates a discoverable domain controller in this domain. Specify the domain by using the NetBIOS name or Fully Qualified Domain Name (FQDN) of the domain. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ForceDiscover</maml:name><maml:description><maml:para>Indicates that the cmdlet to clears any cached domain controller information and perform a new discovery. If this parameter is not specified the cmdlet may return cached domain controller information. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinimumDirectoryServiceVersion</maml:name><maml:description><maml:para>Species the earliest operating system that the domain controller can have so that it is returned by the cmdlet when getting a DC using Discover parameter. The acceptable values for this parameter are: -- Windows2000 or 1 -- Windows2008 or 2</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Windows2000</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2008</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2012</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2012R2</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>NextClosestSite</maml:name><maml:description><maml:para>Specifies to return a domain controller in the next closest site when a domain controller is not found in the site that contains the client. The next closest site is the site with the lowest site link cost with respect to the current site. Costs between sites are based on factors such as bandwidth, as well as physical proximity. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Service</maml:name><maml:description><maml:para>Species the types of domain controllers to get. You can specify more than one type by using a comma-separated list. The acceptable values for this parameter are: -- PrimaryDC or 1 -- GlobalCatalog or 2 -- KDC or 3 -- TimeService or 4 -- ReliableTimeService or 5 -- ADWS or 6 </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="true">ADWS</command:parameterValue><command:parameterValue required="true" variableLength="true">GlobalCatalog</command:parameterValue><command:parameterValue required="true" variableLength="true">KDC</command:parameterValue><command:parameterValue required="true" variableLength="true">PrimaryDC</command:parameterValue><command:parameterValue required="true" variableLength="true">ReliableTimeService</command:parameterValue><command:parameterValue required="true" variableLength="true">TimeService</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of a site to search in to find the domain controller. If this parameter is not set, the cmdlet searches for domain controllers in the same site as the client. The name of the site is defined by the Name property of the site object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Writable</maml:name><maml:description><maml:para>Specifies whether this is a writable domain controller.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Discover</maml:name><maml:description><maml:para>Specifies to return a discoverable domain controller that meets the conditions specified by the cmdlet parameters. </maml:para><maml:para>To get a domain controller by using the discovery mechanism of DCLocator, use the Discover parameter. Along with this parameter, you can provide search criteria by setting parameters such as Service, SiteName, DomainName, NextClosestSite, AvoidSelf, and ForceDiscover. </maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADDomainController</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AvoidSelf</maml:name><maml:description><maml:para>Specifies to not return the current computer as a domain controller. If the current computer is not a domain controller, this parameter is ignored. You can specify this parameter when you want to get the name of another domain controller in the domain. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Discover</maml:name><maml:description><maml:para>Specifies to return a discoverable domain controller that meets the conditions specified by the cmdlet parameters. </maml:para><maml:para>To get a domain controller by using the discovery mechanism of DCLocator, use the Discover parameter. Along with this parameter, you can provide search criteria by setting parameters such as Service, SiteName, DomainName, NextClosestSite, AvoidSelf, and ForceDiscover. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DomainName</maml:name><maml:description><maml:para>Specifies the domain to search. The cmdlet locates a discoverable domain controller in this domain. Specify the domain by using the NetBIOS name or Fully Qualified Domain Name (FQDN) of the domain. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>Name of the domain to which this machine is joined</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ForceDiscover</maml:name><maml:description><maml:para>Indicates that the cmdlet to clears any cached domain controller information and perform a new discovery. If this parameter is not specified the cmdlet may return cached domain controller information. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. Unless specified otherwise, these values are for the server object that represents the domain controller. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- The name of the server object -- The Distinguished Name of the NTDS Settings object -- The Distinguished Name of the server object that represents the domain controller -- The GUID of NTDS settings object under the configuration partition -- The GUID of server object under the configuration partition -- The Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue><dev:type><maml:name>ADDomainController</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinimumDirectoryServiceVersion</maml:name><maml:description><maml:para>Species the earliest operating system that the domain controller can have so that it is returned by the cmdlet when getting a DC using Discover parameter. The acceptable values for this parameter are: -- Windows2000 or 1 -- Windows2008 or 2</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADMinimumDirectoryServiceVersion</command:parameterValue><dev:type><maml:name>ADMinimumDirectoryServiceVersion</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>NextClosestSite</maml:name><maml:description><maml:para>Specifies to return a domain controller in the next closest site when a domain controller is not found in the site that contains the client. The next closest site is the site with the lowest site link cost with respect to the current site. Costs between sites are based on factors such as bandwidth, as well as physical proximity. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Service</maml:name><maml:description><maml:para>Species the types of domain controllers to get. You can specify more than one type by using a comma-separated list. The acceptable values for this parameter are: -- PrimaryDC or 1 -- GlobalCatalog or 2 -- KDC or 3 -- TimeService or 4 -- ReliableTimeService or 5 -- ADWS or 6 </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADDiscoverableService[]</command:parameterValue><dev:type><maml:name>ADDiscoverableService[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of a site to search in to find the domain controller. If this parameter is not set, the cmdlet searches for domain controllers in the same site as the client. The name of the site is defined by the Name property of the site object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>Name of the site that the client is in</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Writable</maml:name><maml:description><maml:para>Specifies whether this is a writable domain controller.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain controller object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more domain controller objects. </maml:para><maml:para>When you use the Discover parameter to get a domain controller, the cmdlet returns a default set of property values for each domain controller. </maml:para><maml:para>When you use the Identity or Filter parameters to get a domain controller, this cmdlet returns all of the properties of the domain controller. </maml:para><maml:para>To view all of the properties for an ADDomainController object, use the following command and replace <domaincontroller> with a domain controller identifier such as a DNS host name. </maml:para><maml:para>Get-ADDomainController<domaincontroller>| Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The Name and HostName properties of the ADDomainController objects returned by the cmdlet are set according to the following rules: </maml:para><maml:para>-- If the Discover parameter is used, HostName is the Fully Qualified Domain Name of the Domain Controller, and the Name is the NetBIOS name of the Domain Controller. With the Discover parameter, the cmdlet will perform a second DCLocator call, to populate the Name property. This property will not be set, to the NetBIOS name of the Domain Controller, if the WINS service is unavailable. </maml:para><maml:para>-- If the Identity or the Filter parameter is used, HostName is the DNSHostName attribute of the Domain Controller object, and the Name is the Name (RDN) attribute of the Domain Controller object. With the Identity or the Filter parameter, the HostName property will not be set, if the DNSHostName attribute of the Domain Controller object is null. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover -Site "Default-First-Site-Name" </dev:code><dev:remarks><maml:para>This command gets one available DC in the site specified by the Site parameter. The command uses Discovery. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover -Site "Default-First-Site-Name" -ForceDiscover </dev:code><dev:remarks><maml:para>This command force discovers or finds one available DC in the site specified by the Site parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover -Service "GlobalCatalog" </dev:code><dev:remarks><maml:para>This command gets a global catalog in the current forest using Discovery. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover -Service 2 </dev:code><dev:remarks><maml:para>This command gets a global catalog in the current forest using Discovery. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover </dev:code><dev:remarks><maml:para>This command gets one available DC in the current domain using Discovery. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover -Domain "fabrikam.com" </dev:code><dev:remarks><maml:para>This command gets one available DC in a given domain using Discovery. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Discover -Domain "corp.contoso.com" -Service "PrimaryDC","TimeService" </dev:code><dev:remarks><maml:para>This command gets the PDC using Discovery and make sure that is advertising as a time server. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Identity "PDC-01" </dev:code><dev:remarks><maml:para>This command gets a domain controller using its NetBIOS name. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Identity "TK5-CORP-DC-10.fabrikam.com" -Server "fabrikam.com" -Credential "corp\administrator" </dev:code><dev:remarks><maml:para>This command gets a domain controller using its DNS host name, in the domain specified by the Site parameter, specified in Server parameter, and specifying administrator credentials. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 10 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Identity "168.54.62.57" </dev:code><dev:remarks><maml:para>This command get a domain controller using its IP address. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 11 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Filter { isGlobalCatalog -eq $true -and Site -eq "Default-First-Site-Name" } </dev:code><dev:remarks><maml:para>This command gets all global catalogs in the site specified by the Site parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 12 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Server "research.fabrikam.com" -Filter { isGlobalCatalog -eq $true -and isReadOnly -eq $true } </dev:code><dev:remarks><maml:para>This command gets all ROGCs in the child domain to which the client is connected. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 13 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController </dev:code><dev:remarks><maml:para>This command gets the domain controller in the user's current session. This is the domain controller used as a default Server in the context of an AD Provider. Using this cmdlet in this way will let you know which Server is being used by default. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 14 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$allDCs = (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ } </dev:code><dev:remarks><maml:para>This command gets a list of all of the domain controllers for all the domains within a forest. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291026</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADDomainControllerPasswordReplicationPolicy</command:name><maml:description><maml:para>Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADDomainControllerPasswordReplicationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADDomainControllerPasswordReplicationPolicy cmdlet gets the users, computers, service accounts and groups that are members of the applied list or denied list for a read-only domain controller's (RODC) password replication policy. To get the members of the applied list, specify the AppliedList parameter. To get the members of the denied list, specify the DeniedList parameter.</maml:para><maml:para>The Identity parameter specifies the RODC that uses the allowed and denied lists to apply the password replication policy. You can identify a domain controller by its GUID, IPV4Address, IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN of the computer object that represents the domain controller. </maml:para><maml:para>You can also set the Identity parameter to a domain controller object variable, such as $<localDomainControllerobject>, or pass a domain controller object through the pipeline operator to the Identity parameter. For example, you can use the Get-ADDomainController cmdlet to retrieve a domain controller object and then pass the object through the pipeline operator to the Get-ADDomainControllerPasswordReplicationPolicy cmdlet. </maml:para><maml:para>If you specify a writeable domain controller for this cmdlet, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADDomainControllerPasswordReplicationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Allowed</maml:name><maml:description><maml:para>Specifies a search for accounts that have been authenticated by a read-only domain controller.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADDomainControllerPasswordReplicationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Denied</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Allowed</maml:name><maml:description><maml:para>Specifies a search for accounts that have been authenticated by a read-only domain controller.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Denied</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue><dev:type><maml:name>ADDomainController</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain controller object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more objects that represent the users, computers, service accounts and groups that are members of the applied list or denied list of the domain controller password replication policy. The list returned depends on the parameters specified. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADDomainControllerPasswordReplicationPolicy -Identity "FABRIKAM-RODC1" -Allowed | ft Name,ObjectClass </dev:code><dev:remarks><maml:para>This command gets from an RODC domain controller password replication policy the allowed accounts showing the name and object class of each.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADDomainController -Filter {IsReadOnly -eq $true} | Get-ADDomainControllerPasswordReplicationPolicy -Allowed DistinguishedName : CN=Allowed RODC Password Replication Group,CN=Users,DC=Fabrikam,DC=com Name : Allowed RODC Password Replication Group ObjectClass : group ObjectGUID : 239b0470-7f49-472d-8fcb-4911e90b2c5e SamAccountName : Allowed RODC Password Replication Group SID : S-1-5-21-41432690-3719764436-1984117282-571 </dev:code><dev:remarks><maml:para>This command gets the password replication policy allowed lists from all RODCs in the domain. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291027</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADDomainControllerPasswordReplicationPolicyUsage</command:name><maml:description><maml:para>Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADDomainControllerPasswordReplicationPolicyUsage</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADDomainControllerPasswordReplicationPolicyUsage cmdlet gets the user or computer accounts that are authenticated by a read-only domain controller (RODC) or that have passwords that are stored on that RODC. The list of accounts that are stored on a RODC is known as the revealed list. </maml:para><maml:para>To get accounts that are authenticated by the RODC, use the AuthenticatedAccounts parameter. To get the accounts that have passwords stored on the RODC, use the RevealedAccounts parameter. </maml:para><maml:para>The Identity parameter specifies the RODC. You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object of the server object, the GUID of the NTDS settings object of the server object under the configuration partition, or the DN of the computer object that represents the domain controller. You can also set the Identity parameter to a domain controller object variable, such as $<localDomainControllerobject>, or pass a domain controller object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomainController cmdlet to retrieve a domain controller object and then pass the object through the pipeline to the Get-ADDomainControllerPasswordReplicationPolicyUsage cmdlet. If you specify a writeable domain controller for this cmdlet, the cmdlet returns a non-terminating error.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADDomainControllerPasswordReplicationPolicyUsage</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RevealedAccounts</maml:name><maml:description><maml:para>Specifies a search for accounts which have passwords that are stored on the read-only domain controller. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADDomainControllerPasswordReplicationPolicyUsage</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticatedAccounts</maml:name><maml:description><maml:para>Specifies a search for accounts that have been authenticated by a read-only domain controller.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticatedAccounts</maml:name><maml:description><maml:para>Specifies a search for accounts that have been authenticated by a read-only domain controller.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue><dev:type><maml:name>ADDomainController</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RevealedAccounts</maml:name><maml:description><maml:para>Specifies a search for accounts which have passwords that are stored on the read-only domain controller. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain controller object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more account objects that represent the users, computers, and service accounts that are authenticated by the specified read-only domain controller (RODC) or that have passwords that are stored on the RODC.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity "FABRIKAM-RODC1" -AuthenticatedAccounts | ft Name,ObjectClass -A </dev:code><dev:remarks><maml:para>This command gets the authenticated accounts for the RODC specified by the Identity parameter. The command displays the name and object class of each.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity "FABRIKAM-RODC1" -RevealedAccounts | ft Name,ObjectClass -A </dev:code><dev:remarks><maml:para>This command gets the revealed accounts for the RODC specified by the Identity parameter. The command displays the name and object class of each account returned.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADDomainController -Filter {IsReadOnly -eq $true} | Get-ADDomainControllerPasswordReplicationPolicyUsage DistinguishedName : CN=krbtgt_35512,CN=Users,DC=Fabrikam,DC=com Enabled : False Name : krbtgt_35512 ObjectClass : user ObjectGUID : 8c7268f9-add3-409c-968b-de029e517211 SamAccountName : krbtgt_35512 SID : S-1-5-21-41432690-3719764436-1984117282-1106 UserPrincipalName : DistinguishedName : CN=CSD2722780,OU=Domain Controllers,DC=Fabrikam,DC=com Enabled : True Name : CSD2722780 ObjectClass : computer ObjectGUID : 63a5e005-e01f-4fc9-ae71-9d9367f808bc SamAccountName : CSD2722780$ SID : S-1-5-21-41432690-3719764436-1984117282-1105 UserPrincipalName : </dev:code><dev:remarks><maml:para>This command gets the list of accounts cached across all RODCs in the domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291028</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomainController</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADFineGrainedPasswordPolicy</command:name><maml:description><maml:para>Gets one or more Active Directory fine-grained password policies.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADFineGrainedPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADFineGrainedPasswordPolicy cmdlet gets a fine-grained password policy or performs a search to retrieve multiple fine-grained password policies. </maml:para><maml:para>The Identity parameter specifies the Active Directory fine-grained password policy to get. You can identify a fine-grained password policy by its distinguished name (DN), GUID or name. You can also set the parameter to a fine-grained password policy object variable, such as $<localFineGrainedPasswordPolicyObject> or pass a fine-grained password policy object through the pipeline operator to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one fine-grained password policies, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter. </maml:para><maml:para>This cmdlet retrieves a default set of fine-grained password policy object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for FineGrainedPasswordPolicy objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context is specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error is thrown. </maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context is specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error is thrown. </maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context is specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error is thrown. </maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more fine-grained password policy objects. </maml:para><maml:para>This cmdlet returns a default set of ADFineGrainedPasswordPolicy property values. To retrieve additional ADFineGrainedPasswordPolicy properties, use the Properties parameter. </maml:para><maml:para>To view the properties for an ADFineGrainedPasswordPolicy object, see the following examples. To run these examples, replace <fine grained password policy> with a fine-grained password policy identifier such as the name of your local fine-grained password policy. </maml:para><maml:para>To get a list of the default set of properties of an ADFineGrainedPasswordPolicy object, use the following command: </maml:para><maml:para>Get-ADFineGrainedPasswordPolicy<fine grained password policy>| Get-Member </maml:para><maml:para>To get a list of all the properties of an ADFineGrainedPasswordPolicy object, use the following command: </maml:para><maml:para>Get-ADFineGrainedPasswordPolicy<fine grained password policy>-Properties * | Get-Member </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicy -Filter {Name -like "*"} | ft Name, Precedence,MaxPasswordAge,MinPasswordLength -A Name Precedence MaxPasswordAge MinPasswordLength ---- ---------- -------------- ----------------- DomainUsersPSO 500 60.00:00:00 8 SvcAccPSO 100 30.00:00:00 20 AdminsPSO 200 15.00:00:00 10 DlgtdAdminsPSO 300 20.00:00:00 10 </dev:code><dev:remarks><maml:para>Description </maml:para><maml:para>----------- </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicy -Identity AdminsPSO Name : AdminsPSO ComplexityEnabled : True LockoutThreshold : 0 ReversibleEncryptionEnabled : True LockoutDuration : 00:30:00 LockoutObservationWindow : 00:30:00 MinPasswordLength : 10 Precedence : 200 ObjectGUID : ba1061f0-c947-4018-a399-6ad8897d26e3 ObjectClass : msDS-PasswordSettings PasswordHistoryCount : 24 MinPasswordAge : 1.00:00:00 MaxPasswordAge : 15.00:00:00 AppliesTo : {} DistinguishedName : CN=AdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM </dev:code><dev:remarks><maml:para>This command gets the Fine Grained Password Policy named AdminsPSO. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicy -Identity 'CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM' -Properties * msDS-LockoutDuration : -18000000000 msDS-PasswordSettingsPrecedence : 300 ObjectCategory : CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=FABRIKAM,DC=COM DistinguishedName : CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM ExpireOn : msDS-MinimumPasswordAge : -864000000000 dSCorePropagationData : {12/31/1600 4:00:00 PM} msDS-LockoutThreshold : 0 Description : The Delegated Administrators Password Policy LockoutThreshold : 0 instanceType : 4 msDS-PasswordComplexityEnabled : True MaxPasswordAge : 20.00:00:00 whenCreated : 8/15/2008 12:47:43 AM Name : DlgtdAdminsPSO ObjectClass : msDS-PasswordSettings ReversibleEncryptionEnabled : True msDS-PasswordReversibleEncryptionEnabled : True Dynamic : False LockoutDuration : 00:30:00 msDS-PSOAppliesTo : {CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM, CN=Bob Kelly,OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM} DisplayName : Delegated Administrators PSO uSNCreated : 16395 Modified : 8/20/2008 12:21:15 AM MinPasswordAge : 1.00:00:00 ProtectedFromAccidentalDeletion : False Created : 8/15/2008 12:47:43 AM sDRightsEffective : 15 ComplexityEnabled : True PasswordHistoryCount : 24 msDS-MaximumPasswordAge : -17280000000000 MinPasswordLength : 10 Precedence : 300 ObjectGUID : 75cf8c7a-9c93-4e81-b611-851803372cb2 msDS-MinimumPasswordLength : 10 Deleted : Orphaned : False CN : DlgtdAdminsPSO LastKnownParent : CanonicalName : FABRIKAM.COM/System/Password Settings Container/DlgtdAdminsPSO modifyTimeStamp : 8/20/2008 12:21:15 AM msDS-LockoutObservationWindow : -18000000000 LockoutObservationWindow : 00:30:00 whenChanged : 8/20/2008 12:21:15 AM createTimeStamp : 8/15/2008 12:47:43 AM msDS-PasswordHistoryLength : 24 nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity AppliesTo : {CN=JeffPrice,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM, CN=GlenJohn,OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM} uSNChanged : 72719 </dev:code><dev:remarks><maml:para>This command gets all the properties for the Fine Grained Password Policy with DistinguishedName CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicy -Filter {name -like "*admin*"} AppliesTo : {CN=GlenJohn,CN=Users,DC=Fabrikam,DC=com, CN=JeffPrice,CN=Users,DC=Fabrikam,DC=com, CN=Administrator,CN=Users,DC=Fabrikam,DC=com} ComplexityEnabled : True DistinguishedName : CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=Fabrikam,DC=com LockoutDuration : 00:30:00 LockoutObservationWindow : 00:30:00 LockoutThreshold : 0 MaxPasswordAge : 42.00:00:00 MinPasswordAge : 1.00:00:00 MinPasswordLength : 7 Name : DlgtdAdminsPSO ObjectClass : msDS-PasswordSettings ObjectGUID : b7de4e6e-c291-4ce6-bb47-6bf8f807df53 PasswordHistoryCount : 24 Precedence : 100 ReversibleEncryptionEnabled : True </dev:code><dev:remarks><maml:para>This command gets all the Fine Grained Password Policy objects that have a name that begins with admin. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291029</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADFineGrainedPasswordPolicySubject</command:name><maml:description><maml:para>Gets the users and groups to which a fine-grained password policy is applied.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADFineGrainedPasswordPolicySubject</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADFineGrainedPasswordPolicySubject cmdlet gets users and groups that are subject to a fine-grained password policy. </maml:para><maml:para>The Identity parameter specifies the fine-grained password policy. You can identify a fine-grained password policy by its distinguished name, GUID or name. You can also set the Identity parameter to a fine-grained password policy object variable, such as $<localPasswordPolicyObject>, or pass a fine-grained password policy object through the pipeline operator to the Identity parameter. For example, you can use the Get-ADFineGrainedPasswordPolicy cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline operator to the Get-ADFineGrainedPasswordPolicySubject cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADFineGrainedPasswordPolicySubject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name (distinguishedName) -- A GUID (objectGUID) -- A Name (name) </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name (distinguishedName) -- A GUID (objectGUID) -- A Name (name) </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns principal objects that represent the users and groups to which the fine-grained password policy is applied. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicySubject -Identity DomainUsersPSO | FT Name,ObjectClass,DistinguishedName -AutoSize Name ObjectClass DistinguishedName ---- ----------- ----------------- Domain Users group CN=Domain Users,CN=Users,DC=FABRIKAM,DC=COM </dev:code><dev:remarks><maml:para>This command gets the Fine Grained Password Policy subject of the Password Policy named DomainUsersPSO. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291030</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADForest</command:name><maml:description><maml:para>Gets an Active Directory forest.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADForest</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADForest cmdlet gets the Active Directory forest specified by the parameters. You can specify the forest by setting the Identity or Current parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory forest to get. You can identify a forest by its fully qualified domain name (FQDN), DNS host name, or NetBIOS name. You can also set the parameter to a forest object variable, such as $<localForestObject>, or you can pass a forest object through the pipeline to the Identity parameter. </maml:para><maml:para>To retrieve the forest of the local computer or current logged on user (CLU) set the Current parameter to LocalComputer or LoggedOnUser. When you set the Current parameter, you do not need to set the Identity parameter. </maml:para><maml:para>When the Current parameter is set to LocalComputer or LoggedOnUser, the cmdlet uses the Server and Credential parameter values to determine the domain and the credentials to use to identify the domain of the forest according to the following rules: </maml:para><maml:para>- If both the Server and Credential parameters are not specified: </maml:para><maml:para>-- The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. The credentials of the current logged on user are used to get the domain. </maml:para><maml:para>- If the Server parameter is specified and the Credential parameter is not specified: </maml:para><maml:para>-- The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. Then the credentials of the current logged on user are used to get the domain. An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. </maml:para><maml:para>- If the Server parameter is not specified and the Credential parameter is specified: </maml:para><maml:para>-- The domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. Then the credentials specified by the Credential parameter are used to get the domain. </maml:para><maml:para>- If the Server and Credential parameters are specified: </maml:para><maml:para>The domain is set to the domain of the specified server and the cmdlet checks to make sure that the server is in the domain of the LocalComputer or LoggedOnUser. Then the credentials specified by the Credential parameter are used to get the domain. An error is returned when the server is not in the domain of the LocalComputer or LoggedOnUser. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADForest</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Current</maml:name><maml:description><maml:para>Specifies whether to return the domain of the local computer or the current logged on user (CLU). The acceptable values for this parameter are: -- LocalComputer or 0 -- LoggedOnUser or 1 </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">LocalComputer</command:parameterValue><command:parameterValue required="true" variableLength="false">LoggedOnUser</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADForest</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory forest object by providing one of the following attribute values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A fully qualified domain name -- A GUID (objectGUID) -- A DNS host name -- A NetBIOS name </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForest</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Current</maml:name><maml:description><maml:para>Specifies whether to return the domain of the local computer or the current logged on user (CLU). The acceptable values for this parameter are: -- LocalComputer or 0 -- LoggedOnUser or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCurrentForestType</command:parameterValue><dev:type><maml:name>ADCurrentForestType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory forest object by providing one of the following attribute values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A fully qualified domain name -- A GUID (objectGUID) -- A DNS host name -- A NetBIOS name </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForest</command:parameterValue><dev:type><maml:name>ADForest</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADForest</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A forest object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADForest</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more forest objects. </maml:para><maml:para>This cmdlet returns all of the properties of the forest. To view all of the properties for an ADForest object, use the following command and replace <forest> with a forest identifier such as a DNS host name. </maml:para><maml:para>Get-ADForest<forest>| Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when targeting a snapshot using the Server parameter. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADForest -Identity Fabrikam.com </dev:code><dev:remarks><maml:para>This command gets the forest information of the Fabrikam.com forest. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADForest -Current LocalComputer </dev:code><dev:remarks><maml:para>This command gets the forest information of the current local computer's forest. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADForest -Current LoggedOnUser </dev:code><dev:remarks><maml:para>This command gets the forest information of the current logged on users's forest. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADForest ApplicationPartitions : {DC=ForestDnsZones,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com} CrossForestReferences : {CN=northwind,CN=Partitions,CN=Configuration,DC=Fabrikam,DC=com} DomainNamingMaster : Fabrikam-DC1.Fabrikam.com Domains : {Fabrikam.com} ForestMode : Windows2003Forest GlobalCatalogs : {Fabrikam-DC1.Fabrikam.com, CSD2722780.Fabrikam.com} Name : Fabrikam.com PartitionsContainer : CN=Partitions,CN=Configuration,DC=Fabrikam,DC=com RootDomain : Fabrikam.com SchemaMaster : Fabrikam-DC1.Fabrikam.com Sites : {Default-First-Site-Name, UnitedKingdomHQ, BO3, RODC-Site-Name} SPNSuffixes : {} UPNSuffixes : {} </dev:code><dev:remarks><maml:para>This command gets the forest information for the forest of the currently logged on user. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$allDCs = (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ } </dev:code><dev:remarks><maml:para>This command gets a list of all the domain controllers for all domain within a forest. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291031</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADForest</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADForestMode</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADGroup</command:name><maml:description><maml:para>Gets one or more Active Directory groups.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADGroup</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory. </maml:para><maml:para>The Identity parameter specifies the Active Directory group to get. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name, or canonical name. You can also specify group object variable, such as $<localGroupObject>. </maml:para><maml:para>To search for and retrieve more than one group, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter. </maml:para><maml:para>This cmdlet gets a default set of group object properties. To get additional properties use the Properties parameter. For more information about the how to determine the properties for group objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADGroup</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADGroup</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADGroup</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Subtree</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more group objects.</maml:para><maml:para>The Get-ADGroup cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties, use the Properties parameter. </maml:para><maml:para>To view the properties for an ADGroup object, see the following examples. To run these examples, replace <group> with a group identifier such as Administrators. </maml:para><maml:para>To get a list of the default set of properties of an ADGroup object, use the following command: </maml:para><maml:para>Get-ADGroup<group>| Get-Member </maml:para><maml:para>To get a list of all the properties of an ADGroup object, use the following command: </maml:para><maml:para>Get-ADGroup<group>-Properties * | Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Identity administrators DistinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : DomainLocal Name : Administrators ObjectClass : group ObjectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 SamAccountName : Administrators SID : S-1-5-32-544 </dev:code><dev:remarks><maml:para>This command gets the group with samAccountName administrators.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Identity S-1-5-32-544 -Properties member DistinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : DomainLocal member : {CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com, CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com, CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com, C N=Administrator,CN=Users,DC=Fabrikam,DC=com} Name : Administrators ObjectClass : group ObjectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 SamAccountName : Administrators SID : S-1-5-32-544 </dev:code><dev:remarks><maml:para>This command gets the group with SID S-1-5-32-544 including the additional property member.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Filter 'GroupCategory -eq "Security" -and GroupScope -ne "DomainLocal"' </dev:code><dev:remarks><maml:para>This command gets all groups that have a GroupCategory of Security but do not have a GroupScope of DomainLocal. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Server localhost:60000 -Filter {GroupScope -eq "DomainLocal"} -SearchBase "DC=AppNC" DistinguishedName : CN=AlphaGroup,OU=AccountDeptOU,DC=AppNC GroupCategory : Security GroupScope : DomainLocal Name : AlphaGroup ObjectClass : group ObjectGUID : 6498c9fb-7c62-48fe-9972-1461f7f3dec2 SID : S-1-510474493-936115905-2475435479-1276657127-1006239422-938965137 DistinguishedName : CN=BranchOffice1,OU=AccountDeptOU,DC=AppNC GroupCategory : Security GroupScope : DomainLocal Name : BranchOffice1 ObjectClass : group ObjectGUID : 0b7504c5-482b-4a73-88f5-8a76960e4568 SID : S-1-510474493-936115905-2534227223-1194883713-3669005192-3746664089 DistinguishedName : CN=AccountLeads,OU=AccountDeptOU,DC=AppNC GroupCategory : Distribution GroupScope : DomainLocal Name : AccountLeads ObjectClass : group ObjectGUID : b20c032b-2de9-401a-b48c-341854a37254 SID : S-1-510474493-936115905-2813670187-1179675302-2001457839-270172950 </dev:code><dev:remarks><maml:para>This command gets all the DomainLocal groups from the AppNC partition of the AD LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291032</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADGroup</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADGroupMember</command:name><maml:description><maml:para>Gets the members of an Active Directory group. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADGroupMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADGroupMember cmdlet gets the members of an Active Directory group. Members can be users, groups, and computers. </maml:para><maml:para>The Identity parameter specifies the Active Directory group to access. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also specify the group by passing a group object through the pipeline. For example, you can use the Get-ADGroup cmdlet to retrieve a group object and then pass the object through the pipeline to the Get-ADGroupMember cmdlet. </maml:para><maml:para>If the Recursive parameter is specified, the cmdlet gets all members in the hierarchy of the group that do not contain child objects. For example, if the group SaraDavisReports contains the user KarenToh and the group JohnSmithReports, and JohnSmithReports contains the user JoshPollock, then the cmdlet returns KarenToh and JoshPollock. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADGroupMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Recursive</maml:name><maml:description><maml:para>Specifies that the cmdlet get all members in the hierarchy of a group that do not contain child objects. </maml:para><maml:para>If the specified group does not have any members, then nothing is returned. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Recursive</maml:name><maml:description><maml:para>Specifies that the cmdlet get all members in the hierarchy of a group that do not contain child objects. </maml:para><maml:para>If the specified group does not have any members, then nothing is returned. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more principal objects that represent users, computers or groups that are members of the specified group. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when a group has members located in a different forest, and the forest does not have Active Directory Web Service running. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroupMember cmdlet Get-ADGroupMember at command pipeline position 1 Supply values for the following parameters: (Type !? for Help.) Identity: Administrators distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com name : Domain Admins objectClass : group objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 SamAccountName : Domain Admins SID : S-1-5-21-41432690-3719764436-1984117282-512 distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com name : Enterprise Admins objectClass : group objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf SamAccountName : Enterprise Admins SID : S-1-5-21-41432690-3719764436-1984117282-519 distinguishedName : CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com name : LabAdmin objectClass : user objectGUID : ab7c269d-aec5-4fcc-aebe-6cd1a2e6cd53 SamAccountName : LabAdmin SID : S-1-5-21-41432690-3719764436-1984117282-1000 distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com name : Administrator objectClass : user objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959 SamAccountName : Administrator SID : S-1-5-21-41432690-3719764436-1984117282-500 </dev:code><dev:remarks><maml:para>This command gets all the members of the administrators groups using the default behavior.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Server localhost:60000 -Filter {GroupScope -eq "DomainLocal"} -SearchBase "DC=AppNC" | Get-ADGroupMember -partition "DC=AppNC" distinguishedName : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC name : SanjayPatel objectClass : user objectGUID : d671de28-6e40-42a7-b32c-63d336de296d SamAccountName : SID : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944 </dev:code><dev:remarks><maml:para>This command gets the groups members of all domain local groups in the AD LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>get-adgroupmember -Identity administrators distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com name : Domain Admins objectClass : group objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 SamAccountName : Domain Admins SID : S-1-5-21-41432690-3719764436-1984117282-512 distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com name : Enterprise Admins objectClass : group objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf SamAccountName : Enterprise Admins SID : S-1-5-21-41432690-3719764436-1984117282-519 distinguishedName : CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com name : LabAdmin objectClass : user objectGUID : ab7c269d-aec5-4fcc-aebe-6cd1a2e6cd53 SamAccountName : LabAdmin SID : S-1-5-21-41432690-3719764436-1984117282-1000 distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com name : Administrator objectClass : user objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959 SamAccountName : Administrator SID : S-1-5-21-41432690-3719764436-1984117282-500 </dev:code><dev:remarks><maml:para>This command gets all the group members of the administrators group. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroupMember -Identity "Enterprise Admins" -Recursive distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com name : Administrator objectClass : user objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959 SamAccountName : Administrator SID : S-1-5-21-41432690-3719764436-1984117282-500 distinguishedName : CN=Sagiv Hadaya,CN=Users,DC=Fabrikam,DC=com name : Sagiv Hadaya objectClass : user objectGUID : 64706230-f179-4fe4-b8c9-f0d334e66ab1 SamAccountName : SHadaya SID : S-1-5-21-41432690-3719764436-1984117282-1158 </dev:code><dev:remarks><maml:para>This command gets all the members of the Enterprise Admins group including the members of any child groups.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291033</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADObject</command:name><maml:description><maml:para>Gets one or more Active Directory objects.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADObject cmdlet gets an Active Directory object or performs a search to retrieve multiple objects. </maml:para><maml:para>The Identity parameter specifies the Active Directory object to get. You can identify the object to get by its distinguished name (DN) or GUID. You can also set the parameter to an Active Directory object variable, such as $<localADObject> or pass an object through the pipeline to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one object, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter. </maml:para><maml:para>This cmdlet gets a default set of Active Directory object properties. To get additional properties use the Properties parameter. For more information about the how to determine the properties for computer objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADObject</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADObject</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Subtree</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter. Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADObject </maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more Active Directory objects. </maml:para><maml:para>The Get-ADObject cmdlet returns a default set of ADObject property values. To retrieve additional ADObject properties, use the Properties parameter of the cmdlet.</maml:para><maml:para>To view the properties for an ADObject object, see the following examples. To run these examples, replace <object> with an Active Directory object identifier. </maml:para><maml:para>To get a list of the default set of properties of an ADObject object, use the following command: </maml:para><maml:para>Get-ADObject<object>| Get-Member</maml:para><maml:para>To get a list of all the properties of an ADObject object, use the following command:</maml:para><maml:para>Get-ADObject<object>-Properties ALL | Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -LDAPFilter "(objectClass=site)" -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties CanonicalName | FT Name,CanonicalName -A Name CanonicalName ---- ------------- HQ FABRIKAM.COM/Configuration/Sites/HQ BO1 FABRIKAM.COM/Configuration/Sites/BO1 BO2 FABRIKAM.COM/Configuration/Sites/BO2 BO3 FABRIKAM.COM/Configuration/Sites/BO3 </dev:code><dev:remarks><maml:para>This command displays a list of sites for Fabrikam using the LDAP filter syntax.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Filter 'ObjectClass -eq "site"' -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties siteObjectBL | foreach {$_.siteObjectBL} CN=192.167.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.166.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.168.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.165.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.164.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.163.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.162.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.161.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.160.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.159.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.158.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM CN=192.157.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM </dev:code><dev:remarks><maml:para>This command gets the Site objects from the Configuration Naming Context and then enumerates through the list outputting siteObjectBL.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$changeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) PS C:\> Get-ADObject -Filter 'whenChanged -gt $changeDate' -IncludeDeletedObjects </dev:code><dev:remarks><maml:para>This command gts all the objects, including the deleted ones, whose whenChanged attribute is greater than the specified date. Note that both deleted and non-deleted (and non-recycled) objects matching the filter will be returned.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$changeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) PS C:\> Get-ADObject -Filter 'whenChanged -gt $changeDate -and isDeleted -eq $true -and -not (isRecycled -eq $true) -and name -ne "Deleted Objects"' -IncludeDeletedObjects ObjectGUID : 98118958-91c7-437d-8ada-ba0b66db823b Deleted : True DistinguishedName : CN=Andrew Ma\0ADEL:98118958-91c7-437d-8ada-ba0b66db823b,CN=Deleted Objects,DC=FABRIKAM,DC=COM Name : Andrew Ma DEL:98118958-91c7-437d-8ada-ba0b66db823b ObjectClass : user </dev:code><dev:remarks><maml:para>This example gets all the deleted objects, whose whenChanged attribute is greater than the specified date. The clause name -ne "Deleted Objects" makes sure that the Deleted Objects Container is not returned. This will only return objects which can be restored. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$changeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02) PS C:\> Get-ADObject -Filter 'whenChanged -gt $changeDate -and isDeleted -eq $true -and -not (isRecycled -eq $true) -and lastKnownParent -eq "OU=Accounting,DC=Fabrikam,DC=com"' -IncludeDeletedObjects ObjectGUID : 12d53e7f-aaf7-4790-b41a-da19044504db Deleted : True DistinguishedName : CN=Craig Dewar\0ADEL:12d53e7f-aaf7-4790-b41a-da19044504db,CN=Deleted Objects,DC=Fabrikam,DC=com Name : Craig Dewar DEL:12d53e7f-aaf7-4790-b41a-da19044504db ObjectClass : user </dev:code><dev:remarks><maml:para>This example gets all the deleted objects whose whenChanged attribute is greater then the specified date and at the time of deletion were the children of the specified Organizational Unit.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Identity "DC=AppNC" -server "FABRIKAM-SRV1:60000" ObjectGUID DistinguishedName Name ObjectClass ---------- ----------------- ---- ----------- 62b2e185-9322-4980-9c93-cf... DC=AppNC AppNC domainDNS </dev:code><dev:remarks><maml:para>This command gets the information of the domainDNS object of an LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291034</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADOptionalFeature</command:name><maml:description><maml:para>Gets one or more Active Directory optional features.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADOptionalFeature</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory. </maml:para><maml:para>The Identity parameter specifies the Active Directory optional feature that you want to get. You can identify an optional feature by its distinguished name (DN), feature GUID, or object GUID. You can also set the parameter to an optional feature object variable, such as $<localOptionalFeatureObject> or you can pass an optional feature object through the pipeline to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one optional feature, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter. </maml:para><maml:para>This cmdlet retrieves a default set of optional feature object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for computer objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADOptionalFeature</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADOptionalFeature</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory optional feature object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A fully qualified domain name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeature</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADOptionalFeature</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory optional feature object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A fully qualified domain name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an optional feature object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOptionalFeature</command:parameterValue><dev:type><maml:name>ADOptionalFeature</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOptionalFeature</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An optional feature object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADOptionalFeature</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more optional feature objects. </maml:para><maml:para>This cmdlet returns a default set of ADOptionalFeature property values. To retrieve additional ADOptionalFeature properties, use the Properties parameter. </maml:para><maml:para>To view the properties for an ADOptionalFeature object, see the following examples. To run these examples, replace <optional feature> with an optional feature identifier, such as distinguished name of the optional feature. </maml:para><maml:para>To get a list of the default set of properties of an ADOptionalFeature object, use the following command: </maml:para><maml:para>Get-ADOptionalFeature<optional feature>| Get-Member</maml:para><maml:para>To get a list of all the properties of an ADOptionalFeature object, use the following command:</maml:para><maml:para>Get-ADOptionalFeature<optional feature>-Properties ALL | Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOptionalFeature -Filter * </dev:code><dev:remarks><maml:para>This commands gets a list of all the available optional features in the current forest.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOptionalFeature -Identity 'Recycle Bin Feature' </dev:code><dev:remarks><maml:para>This command gets the optional feature with the name Recycle Bin Feature. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOptionalFeature -Identity 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a </dev:code><dev:remarks><maml:para>This command gets the optional feature with the feature GUID 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -server server1:50000 </dev:code><dev:remarks><maml:para>This command gets the Recycle Bin Feature optional feature in an AD LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291035</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-ADOptionalFeature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-ADOptionalFeature</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADOrganizationalUnit</command:name><maml:description><maml:para>Gets one or more Active Directory organizational units.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADOrganizationalUnit</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADOrganizationalUnit cmdlet gets an organizational unit object or performs a search to retrieve multiple organizational units. </maml:para><maml:para>The Identity parameter specifies the Active Directory organizational unit to retrieve. You can identify an organizational unit by its distinguished name (DN) or GUID. You can also set the parameter to an organizational unit object variable, such as $<localOrganizationalunitObject> or pass an organizational unit object through the pipeline to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one organizational unit, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter. </maml:para><maml:para>This cmdlet retrieves a default set of organizational unit object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for computer objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADOrganizationalUnit</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADOrganizationalUnit</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies the identity of an Active Directory organizational unit object. The parameter accepts the following identity formats. The identifier in parentheses is the LDAP display name for the attribute that contains the identity. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADOrganizationalUnit</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies the identity of an Active Directory organizational unit object. The parameter accepts the following identity formats. The identifier in parentheses is the LDAP display name for the attribute that contains the identity. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue><dev:type><maml:name>ADOrganizationalUnit</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Subtree</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An organizational unit object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more organizational unit objects.</maml:para><maml:para>This cmdlet returns a default set of ADOrganizational unit property values. To retrieve additional ADOrganizational unit properties, use the Properties parameter. </maml:para><maml:para>To view the properties for an ADOrganizational unit object, see the following examples. To run these examples, replace <organizational unit> with an organizational unit identifier such as the distinguished name (DN) of an organizational unit. </maml:para><maml:para>To get a list of the default set of properties of an ADOrganizational unit object, use the following command: </maml:para><maml:para>Get-ADOrganizationalUnit<organizational unit>| Get-Member</maml:para><maml:para>To get a list of all the properties of an ADOrganizational unit object, use the following command: </maml:para><maml:para>Get-ADOrganizationalUnit<organizational unit>-Properties * | Get-Member </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A Name DistinguishedName ---- ----------------- Domain Controllers OU=Domain Controllers,DC=FABRIKAM,DC=COM UserAccounts OU=UserAccounts,DC=FABRIKAM,DC=COM Sales OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM Marketing OU=Marketing,OU=UserAccounts,DC=FABRIKAM,DC=COM Production OU=Production,OU=UserAccounts,DC=FABRIKAM,DC=COM HumanResources OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM NorthAmerica OU=NorthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM SouthAmerica OU=SouthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM Europe OU=Europe,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM AsiaPacific OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM Finance OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM Corporate OU=Corporate,OU=UserAccounts,DC=FABRIKAM,DC=COM ApplicationServers OU=ApplicationServers,DC=FABRIKAM,DC=COM Groups OU=Groups,OU=Managed,DC=FABRIKAM,DC=COM PasswordPolicyGroups OU=PasswordPolicyGroups,OU=Groups,OU=Managed,DC=FABRIKAM,DC=COM Managed OU=Managed,DC=FABRIKAM,DC=COM ServiceAccounts OU=ServiceAccounts,OU=Managed,DC=FABRIKAM,DC=COM </dev:code><dev:remarks><maml:para>This command gets all the Organizational Units in the domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOrganizationalUnit -Identity 'OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' | Format-Table Name,Country,PostalCode,City,StreetAddress,State -A Name Country PostalCode City StreetAddress State ---- ------- ---------- ---- ------------- ----- AsiaPacific AU 4171 Balmoral 45 Martens Place QLD </dev:code><dev:remarks><maml:para>This command gets the Organizational Unit with DistinguishedName OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' -SearchScope OneLevel | Format-Table Name,Country,PostalCode,City,StreetAddress,State Name Country PostalCode City StreetAddress State ---- ------- ---------- ---- ------------- ----- AsiaPacific AU 4171 Balmoral 45 Martens Place QLD Europe UK NG34 0NI QUARRINGTON 22 Station Rd NorthAmerica US 02142 Cambridge 1634 Randolph Street MA </dev:code><dev:remarks><maml:para>This command gets Organizational Units underneath the sales Organizational Unit using an LDAP filter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291036</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADPrincipalGroupMembership</command:name><maml:description><maml:para>Gets the Active Directory groups that have a specified user, computer, group, or service account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADPrincipalGroupMembership</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADPrincipalGroupMembership cmdlet gets the Active Directory groups that have a specified user, computer, group, or service account as a member. This cmdlet requires a global catalog to perform the group search. If the forest that contains the user, computer or group does not have a global catalog, the cmdlet returns a non-terminating error. If you want to search for local groups in another domain, use the ResourceContextServer parameter to specify the alternate server in the other domain. </maml:para><maml:para>The Identity parameter specifies the user, computer, or group object that you want to determine group membership for. You can identify a user, computer, or group object by its distinguished name (DN), GUID, security identifier (SID) or SAM account name. You can also specify a user, group, or computer object variable, such as $<localGroupObject>, or pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to retrieve a group object and then pass the object through the pipeline to the Get-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADUser or Get-ADComputer to get user and computer objects to pass through the pipeline. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADPrincipalGroupMembership</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory principal object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResourceContextPartition</maml:name><maml:description><maml:para>Specifies the distinguished name of the partition of an AD or AD LDS instance to search. Use this parameter with the ResourceContextServer parameter to specify a partition hosted by the specified server. If the ResourceContextPartition parameter is not specified, the default partition of the ResourceContextServer is searched. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResourceContextServer</maml:name><maml:description><maml:para>Specifies that the cmdlet return a list of groups that the user is a member of and that reside in the specified domain. Use this parameter to search for groups in a domain that is not the domain where the user's account resides. To search a partition other than the default partition in this domain, also specify the ResourceContextPartition parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory principal object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResourceContextPartition</maml:name><maml:description><maml:para>Specifies the distinguished name of the partition of an AD or AD LDS instance to search. Use this parameter with the ResourceContextServer parameter to specify a partition hosted by the specified server. If the ResourceContextPartition parameter is not specified, the default partition of the ResourceContextServer is searched. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResourceContextServer</maml:name><maml:description><maml:para>Specifies that the cmdlet return a list of groups that the user is a member of and that reside in the specified domain. Use this parameter to search for groups in a domain that is not the domain where the user's account resides. To search a partition other than the default partition in this domain, also specify the ResourceContextPartition parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A principal object that represents a user, computer or group is received by the Identity parameter. Derived types, such as the following are also received by this parameter: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADGroup</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns group objects that have the specified user, computer, group or service account as a member. </maml:para><maml:para>The Get-ADPrincipalGroupMembership cmdlet returns a default set of ADGroup property values. To retrieve additional ADGroup properties pass the ADGroups objects produced by this cmdlet through the pipline to Get-ADGroup. Specify the additional properties required from the group objects by passing the -Properties parameter to Get-ADGroup. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADPrincipalGroupMembership -server localhost:60000 -Identity "CN=GlenJohns,DC=AppNC" -partition "DC=AppNC" </dev:code><dev:remarks><maml:para>This command retrieves all the groups the user CN=GlenJohns,DC=AppNC is a member of on an AD LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADPrincipalGroupMembership -Identity Administrator distinguishedName : CN=Domain Users,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Global name : Domain Users objectClass : group objectGUID : 86c0f0d5-8b4d-4f35-a867-85a006b92902 SamAccountName : Domain Users SID : S-1-5-21-41432690-3719764436-1984117282-513 distinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : DomainLocal name : Administrators objectClass : group objectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 SamAccountName : Administrators SID : S-1-5-32-544 distinguishedName : CN=Schema Admins,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Universal name : Schema Admins objectClass : group objectGUID : 8d62890f-385e-4cfa-9b2a-c72576097583 SamAccountName : Schema Admins SID : S-1-5-21-41432690-3719764436-1984117282-518 distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Universal name : Enterprise Admins objectClass : group objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf SamAccountName : Enterprise Admins SID : S-1-5-21-41432690-3719764436-1984117282-519 distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Global name : Domain Admins objectClass : group objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 SamAccountName : Domain Admins SID : S-1-5-21-41432690-3719764436-1984117282-512 distinguishedName : CN=Group Policy Creator Owners,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Global name : Group Policy Creator Owners objectClass : group objectGUID : a58f7bf2-fd20-4bbd-96f0-ee10fa1613c7 SamAccountName : Group Policy Creator Owners SID : S-1-5-21-41432690-3719764436-1984117282-520 </dev:code><dev:remarks><maml:para>This command retrieves all the groups the administrator is a member of.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADPrincipalGroupMembership -Identity Administrator -ResourceContextServer ChildDomain.Fabrikam.Com -ResourceContextPartition "DC=Fabrikam,DC=com" distinguishedName : CN=Domain Users,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Global name : Domain Users objectClass : group objectGUID : 86c0f0d5-8b4d-4f35-a867-85a006b92902 SamAccountName : Domain Users SID : S-1-5-21-41432690-3719764436-1984117282-513 distinguishedName : CN=Group Policy Creator Owners,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Global name : Group Policy Creator Owners objectClass : group objectGUID : a58f7bf2-fd20-4bbd-96f0-ee10fa1613c7 SamAccountName : Group Policy Creator Owners SID : S-1-5-21-41432690-3719764436-1984117282-520 distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Universal name : Enterprise Admins objectClass : group objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf SamAccountName : Enterprise Admins SID : S-1-5-21-41432690-3719764436-1984117282-519 distinguishedName : CN=Schema Admins,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Universal name : Schema Admins objectClass : group objectGUID : 8d62890f-385e-4cfa-9b2a-c72576097583 SamAccountName : Schema Admins SID : S-1-5-21-41432690-3719764436-1984117282-518 distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : Global name : Domain Admins objectClass : group objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011 SamAccountName : Domain Admins SID : S-1-5-21-41432690-3719764436-1984117282-512 distinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com GroupCategory : Security GroupScope : DomainLocal name : Administrators objectClass : group objectGUID : 02ce3874-dd86-41ba-bddc-013f34019978 SamAccountName : Administrators SID : S-1-5-32-544 </dev:code><dev:remarks><maml:para>This command retrieves all the groups the adminsitrator account in the local domain is a member of in the resource domain ChildDomain.Fabrikam.Com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291037</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationAttributeMetadata</command:name><maml:description><maml:para>Returns the replication metadata for one or more Active Directory replication partners.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationAttributeMetadata</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationAttributeMetadata cmdlet returns the replication metadata for one or more attributes on a given object. The metadata is contained in the following two directory objects: -- single-value attribute: msDS-ReplAttributeMetaData -- multi-value attribute: msDS-ReplValueMetaData</maml:para><maml:para>The cmdlet parses the byte array(s) and returns the data in a readable format. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationAttributeMetadata</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Object</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="Property,Attribute,Attributes"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies a list of one or more attribute names as a comma separated list to return the metadata for replication partners. This parameter also accepts * to indicate that all attributes set on the object should be returned. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies to retrieve deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ShowAllLinkedValues</maml:name><maml:description><maml:para>Indicates that the cmdlet returns all linked values if the attribute returned is multi-valued.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies to retrieve deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Object</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="Property,Attribute,Attributes"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies a list of one or more attribute names as a comma separated list to return the metadata for replication partners. This parameter also accepts * to indicate that all attributes set on the object should be returned. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>* (all properties)</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ShowAllLinkedValues</maml:name><maml:description><maml:para>Indicates that the cmdlet returns all linked values if the attribute returned is multi-valued.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False; by default, only the linked value with the highest USN is returned</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents the Active Directory objects. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationAttributeMetadata</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents Active Directory replication attribute metadata objects.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The default behavior for this cmdlet is to prompt for object identity. Other tools that have been provided to manage this feature in previous releases of Windows Server include the Repadmin.exe command-line tool. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationAttributeMetadata -Object "CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com" -Server corp-DC01 -ShowAllLinkedValues </dev:code><dev:remarks><maml:para>This command gets the replication metadata for the attributes of a group with Distinguished Name "CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com" from the CORP-DC01 domain controller. By including the ShowAllLinkedValues parameter if a multi-valued attribute is present, all its linked values are also retrieved. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationAttributeMetadata -Object "1A7BFEC6-C92C-4804-94B0-D407E51F1B64" -Server corp-DC01 -IncludeDeletedObjects </dev:code><dev:remarks><maml:para>This command gets the replication metadata for the attributes of an object with GUID 1A7BFEC6-C92C-4804-94B0-D407E51F1B64, including the deleted objects and the deactivated forward and backward links.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Filter 'objectclass -eq "group"' | Get-ADReplicationAttributeMetadata -Server corp-DC01 | Where-Object {$_.lastoriginatingchangetime -like "*11/10/2011*"} | Format-Table object </dev:code><dev:remarks><maml:para>This command gets all groups that have any of their attributes modified on 11/10/2011.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291038</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationConnection</command:name><maml:description><maml:para>Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationConnection</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationConnection cmdlet returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter. Connections are used to enable domain controllers to replicate with each other. A connection defines a one-way, inbound route from one domain controller, the source, to another domain controller, the destination. The Kerberos consistency checker (KCC) reuses existing connections where it can, deletes unused connections, and creates new connections if none exist that meet the current need. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationConnection</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationConnection</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationConnection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationConnection</command:parameterValue><dev:type><maml:name>ADReplicationConnection</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationConnection</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A connection object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationConnection</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationConnection -Filter * </dev:code><dev:remarks><maml:para>This command gets all the replication connections. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationConnection -Filter {ReplicateFromDirectoryServer -eq "corp-DC01"} </dev:code><dev:remarks><maml:para>This command gets all replication connections that replicate from corp-DC01. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationConnection -Identity "5f98e288-19e0-47a0-9677-57f05ed54f6b" </dev:code><dev:remarks><maml:para>This command gets the replication connection with name 5f98e288-19e0-47a0-9677-57f05ed54f6b.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationConnection -Identity "5f98e288-19e0-47a0-9677-57f05ed54f6b" -Properties * </dev:code><dev:remarks><maml:para>This command gets all the properties of the replication connection with name 5f98e288-19e0-47a0-9677-57f05ed54f6b. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291039</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationConnection</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationFailure</command:name><maml:description><maml:para>Returns a collection of data describing an Active Directory replication failure.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationFailure</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationFailure cmdlet returns all failures currently associated with a given domain controller or Active Directory Lightweight Directory Services (AD LDS) instance. The return object is of type ADReplicationFailure. This cmdlet returns the list of failures in the ADReplicationSummary object for a specific server. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationFailure</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. It will return results for all the domain controllers that are specified or that are part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumeratingServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationFailure</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. It will return results for all the domain controllers that are specified or that are part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="ReplicationSite"><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the type of object used as input by the Target parameter. The acceptable values for this parameter are: -- Server -- Site -- Domain -- Forest</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Server</command:parameterValue><command:parameterValue required="true" variableLength="false">Site</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumeratingServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumeratingServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="ReplicationSite"><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the type of object used as input by the Target parameter. The acceptable values for this parameter are: -- Server -- Site -- Domain -- Forest</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADScopeType</command:parameterValue><dev:type><maml:name>ADScopeType</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. It will return results for all the domain controllers that are specified or that are part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue><dev:type><maml:name>Object[]</maml:name><maml:uri /></dev:type><dev:defaultValue>DCLocator; Provider: -Server of the connected drive</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that contains one or more Active Directory server objects. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationFailure</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents Active Directory replication failure objects. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationFailure -Target corp-DC01 </dev:code><dev:remarks><maml:para>This command gets a collection of data describing an Active Directory replication failure for corp-DC01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationFailure -Target corp-DC01 -Scope Server </dev:code><dev:remarks><maml:para>This command gets a collection of data describing an Active Directory replication failure from corp-DC01 (same as above). </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationFailure -Target corp-DC01,corp-DC02 </dev:code><dev:remarks><maml:para>This command gets a collection of data describing an Active Directory replication failure from corp-DC01 and corp-DC02. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationFailure -Target NorthAmerica -Scope Site </dev:code><dev:remarks><maml:para>This command gets a collection of data describing Active Directory replication failures from all the domain controllers in the site NorthAmerica. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationFailure -Target "corp.contoso.com" -Scope Domain </dev:code><dev:remarks><maml:para>This command gets a collection of data describing Active Directory replication failures from all the domain controllers in the domain corp.contoso.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationFailure -Target "corp.contoso.com" -Scope Forest </dev:code><dev:remarks><maml:para>This command gets a collection of data describing Active Directory replication failures from all the domain controllers in the forest corp.contoso.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291040</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationPartnerMetadata</command:name><maml:description><maml:para>Returns the replication metadata for a set of one or more replication partners.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationPartnerMetadata</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationPartnerMetadata cmdlet returns an Active Directory replication partner metadata object for each of its replication partners which contains all of the relevant replication data for the partners involved. This includes attributes such as LastReplicationSuccess or LastReplicationAttempt and other data specific to each pairing of replication partners. If the results are too verbose for your needs, you can use the Partition parameter to specify a partition to narrow down the results. Optionally, you can use the Filter parameter to narrow down results as well. If no partition or filter are specified for the results, the default naming context is used and metadata for all replication partners is returned. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationPartnerMetadata</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies the target for returning replication partner metadata as either one or more domain controllers, sites, domains, or forests. If multiple values for the target are to be specified, they need to be separated by commas. This parameter will return results for all the domain controllers specified or for part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>PartnerType</maml:name><maml:description><maml:para>Specifies an enumeration of the replication types returned by this cmdlet. The acceptable values for this parameter are: -- Inbound -- Outbound -- Both</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Both</command:parameterValue><command:parameterValue required="true" variableLength="false">Inbound</command:parameterValue><command:parameterValue required="true" variableLength="false">Outbound</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumerationServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationPartnerMetadata</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies the target for returning replication partner metadata as either one or more domain controllers, sites, domains, or forests. If multiple values for the target are to be specified, they need to be separated by commas. This parameter will return results for all the domain controllers specified or for part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope type for the Target parameter when used as input. The acceptable values for this parameter are: -- Server -- Site -- Domain -- Forest</maml:para><maml:para>Server </maml:para><maml:para>Site </maml:para><maml:para>Domain </maml:para><maml:para>Forest </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Server</command:parameterValue><command:parameterValue required="true" variableLength="false">Site</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>PartnerType</maml:name><maml:description><maml:para>Specifies an enumeration of the replication types returned by this cmdlet. The acceptable values for this parameter are: -- Inbound -- Outbound -- Both</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Both</command:parameterValue><command:parameterValue required="true" variableLength="false">Inbound</command:parameterValue><command:parameterValue required="true" variableLength="false">Outbound</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumerationServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumerationServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>DefaultNC; Provider: Default is to use the Partition that you are currently in. Else, use DefaultNC (IE: If you are in the RootDSE)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4" aliases=""><maml:name>PartnerType</maml:name><maml:description><maml:para>Specifies an enumeration of the replication types returned by this cmdlet. The acceptable values for this parameter are: -- Inbound -- Outbound -- Both</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPartnerType</command:parameterValue><dev:type><maml:name>ADPartnerType</maml:name><maml:uri /></dev:type><dev:defaultValue>Inbound</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope type for the Target parameter when used as input. The acceptable values for this parameter are: -- Server -- Site -- Domain -- Forest</maml:para><maml:para>Server </maml:para><maml:para>Site </maml:para><maml:para>Domain </maml:para><maml:para>Forest </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADScopeType</command:parameterValue><dev:type><maml:name>ADScopeType</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies the target for returning replication partner metadata as either one or more domain controllers, sites, domains, or forests. If multiple values for the target are to be specified, they need to be separated by commas. This parameter will return results for all the domain controllers specified or for part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue><dev:type><maml:name>Object[]</maml:name><maml:uri /></dev:type><dev:defaultValue>DCLocator; Provider: -Server of the connected drive</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents Active Directory server objects. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationPartnerMetadata</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents Active Directory replication partner metadata objects. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The default behavior for this cmdlet is to prompt for server identity. Other tools that have been made available in prior releases of Windows Server to manage replication partnerships include Active Directory Sites and Services and the Repadmin.exe tool. If this cmdlet is aliased, it should use ReplSummary as the alias name value. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationPartnerMetadata -Target corp-DC01 </dev:code><dev:remarks><maml:para>This command gets the replication metadata between corp-DC01 and its inbound partners for the default partition only. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationPartnerMetadata -Target corp-DC01 -PartnerType Inbound </dev:code><dev:remarks><maml:para>This command gets the replication metadata between corp-DC01 and its inbound partners for the default partition only (same as above). </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationPartnerMetadata -Target corp-DC01,corp-DC02 -PartnerType Both -Partition Schema </dev:code><dev:remarks><maml:para>This command gets the replication metadata between corp-DC01, corp-DC02 and their respective partners only (both inbound and outbound) for the schema partition.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationPartnerMetadata -Target NorthAmerica -Scope Site -Partition * </dev:code><dev:remarks><maml:para>This command gets the replication metadata for all the inbound partners of all the domain controllers within the NorthAmerica site for all hosted partitions. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationPartnerMetadata -Target "corp.contoso.com" -Scope Domain </dev:code><dev:remarks><maml:para>This command gets the replication metadata for all the domain controllers that are inbound partners for the default partition in the domain 'corp.contoso.com'. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationPartnerMetadata -Target "corp.contoso.com" -Scope Forest -Partition Configuration </dev:code><dev:remarks><maml:para>This command gets the replication metadata for all the domain controllers that are inbound partners for the configuration partition in the forest corp.contoso.com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291041</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationQueueOperation</command:name><maml:description><maml:para>Returns the contents of the replication queue for a specified server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationQueueOperation</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationQueueOperation cmdlet returns all of the pending operations in the replication queue. While replication operations are pending, this cmdlet can be useful for determining the status of queued operations. </maml:para><maml:para>The Get-ADReplicationQueueOperation cmdlet can be called from script to watch and observe when operations get moved out of the queue as they are replicated. It also allows for filtering on any of the properties on the ADReplicationOperation object. </maml:para><maml:para>The replication queue operates in the following manner: suppose a domain controller has five inbound replication connections. As the domain controller formulates change requests, either by a schedule being reached or from a notification, it adds a work item for each request to the end of the queue of pending synchronization requests. Each pending synchronization request represents one <source domain controller, directory partition> pair, such as synchronize the schema directory partition from DC1 or delete the ApplicationX directory partition. </maml:para><maml:para>When a work item has been received into the queue, notification and polling intervals do not apply. Instead, the domain controller processes the item (begins synchronizing from its source) as soon as the work item reaches the front of the replication queue. This process continues until either the destination is fully synchronized with the source domain controller, an error occurs, or the synchronization is pre-empted by a higher-priority operation. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationQueueOperation</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>DefaultNC; Provider: Default is to use the Partition that you are currently in. Else, use DefaultNC (IE: If you are in the RootDSE)</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents one or more Active Directory servers. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationOperation</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that represents one or more Active Directory replication operations. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationQueueOperation -Server "corp-DC01.corp.contoso.com" </dev:code><dev:remarks><maml:para>This command gets the pending operations in the replication queue for the domain controller corp-DC01 as specified by its fully qualified domain name (FQDN). </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291042</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationSite</command:name><maml:description><maml:para>Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationSite</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationSite cmdlet returns a specific Active Directory replication site or a set of replication site objects based on a specified filter. Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. Sites can also be used to optimize replication between domain controllers. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationSite</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationSite</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue>All Sites (Filter *)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSite -Filter * </dev:code><dev:remarks><maml:para>This command gets all the sites. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSite -Properties * -Filter {WindowsServer2003KCCSiteLinkBridgingEnabled -eq $TRUE} </dev:code><dev:remarks><maml:para>This command gets all sites that have the WindowsServer2003KCCBehaviorEnabled flag turned on. The Properties parameter must be set because the WindowsServer2003KCCSiteLinkBridgingEnabled property is not retrieved by default. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSite -Identity NorthAmerica </dev:code><dev:remarks><maml:para>This command gets the site with name NorthAmerica. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSite -Identity NorthAmerica -Properties AutomaticInterSiteTopologyGenerationEnabled </dev:code><dev:remarks><maml:para>This command gets the AutomaticInterSiteTopologyGenerationEnabled property of the site with name NorthAmerica. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291043</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationSiteLink</command:name><maml:description><maml:para>Returns a specific Active Directory site link or a set of site links based on a specified filter.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationSiteLink</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationSiteLink cmdlet can be used to return a specific Active Directory site link or a set of site links based on a specified filter. A site link connects two or more sites. Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationSiteLink</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationSiteLink</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue><dev:type><maml:name>ADReplicationSiteLink</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Filter * </dev:code><dev:remarks><maml:para>This command gets all the site links. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Filter {SitesIncluded -eq "NorthAmerica"} | FT Name,SitesIncluded -A </dev:code><dev:remarks><maml:para>This command gets all site links that include NorthAmerica. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Filter {Cost -gt 100 -and ReplicationFrequencyInMinutes -lt 15} </dev:code><dev:remarks><maml:para>This command gets all site links that have a cost greater than 100 and a replication frequency less than 15 minutes. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Identity "Europe-Asia" </dev:code><dev:remarks><maml:para>This command gets the site link with name Europe-Asia. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Identity "Europe-Asia" -Properties ReplicationSchedule </dev:code><dev:remarks><maml:para>This command gets the ReplicationSchedule property of the site link with name Europe-Asia. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291044</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationSiteLinkBridge</command:name><maml:description><maml:para>Returns a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationSiteLinkBridge</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationSiteLinkBridge cmdlet returns a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter. A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationSiteLinkBridge</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationSiteLinkBridge</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue><dev:type><maml:name>ADReplicationSiteLinkBridge</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link bridge object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, the following site link bridge properties are returned: -- Name -- Description -- SiteLinksIncluded -- DN</maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLinkBridge -Filter * </dev:code><dev:remarks><maml:para>This commnd gets all the site link bridges.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLinkBridge -Filter {SiteLinksIncluded -eq "NorthAmerica-Europe"} | FT Name,SiteLinksIncluded -A </dev:code><dev:remarks><maml:para>This command gets all site link bridges that include site link NorthAmerica-Europe. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" </dev:code><dev:remarks><maml:para>This command gets the site link bridge with name NorthAmerica-Europe.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" -Properties * </dev:code><dev:remarks><maml:para>This command gets all the properties of the site link bridge with name NorthAmerica-Europe. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291045</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationSubnet</command:name><maml:description><maml:para>Returns a specific Active Directory subnet or a set of AD subnets based on a specified filter.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationSubnet</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationSubnet cmdlet returns a specific Active Directory subnet or a set of AD subnets based on a specified filter. Subnet objects (class subnet) define network subnets in Active Directory. A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. Subnets group computers in a way that identifies their physical proximity on the network. Subnet objects in Active Directory are used to map computers to sites. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationSubnet</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationSubnet</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, see about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue><dev:type><maml:name>ADReplicationSubnet</maml:name><maml:uri /></dev:type><dev:defaultValue>All Subnets (Filter *)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A subnet object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSubnet -Filter * </dev:code><dev:remarks><maml:para>This command gets all the subnets. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSubnet -Filter {Location -like "*Japan"} </dev:code><dev:remarks><maml:para>This command gets all the subnets in Japan. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSubnet -Identity "10.0.0.0/25" </dev:code><dev:remarks><maml:para>This command gets the subnet with name 10.0.0.0/25. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSubnet -Identity "10.0.0.0/25" -Properties * </dev:code><dev:remarks><maml:para>This command gets all the properties of the subnet with name 10.0.0.0/25. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291046</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADReplicationUpToDatenessVectorTable</command:name><maml:description><maml:para>Displays the highest Update Sequence Number (USN) for the specified domain controller. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADReplicationUpToDatenessVectorTable</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADReplicationUpToDatenessVectorTable cmdlet displays the highest Update Sequence Number (USN) for the specified domain controller(s). This information shows how up-to-date a replica is with its replication partners. During replication, each object that is replicated has USN and if the object is modified, the USN is incremented. The value of the USN for a given object is local to each domain controller where it has replicated are number is different on each domain controller. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADReplicationUpToDatenessVectorTable</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. It will return results for all the domain controllers that are specified or that are part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumerationServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADReplicationUpToDatenessVectorTable</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. It will return results for all the domain controllers that are specified or that are part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="ReplicationSite"><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the type of object used as input by the Target parameter. The acceptable values for this parameter are: -- Server -- Site -- Domain -- Forest</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Server</command:parameterValue><command:parameterValue required="true" variableLength="false">Site</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumerationServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EnumerationServer</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases="NC,NamingContext"><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>DefaultNC; Provider: Default is to use the Partition that you are currently in. Else, use DefaultNC (IE: If you are in the RootDSE)</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="ReplicationSite"><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the type of object used as input by the Target parameter. The acceptable values for this parameter are: -- Server -- Site -- Domain -- Forest</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADScopeType</command:parameterValue><dev:type><maml:name>ADScopeType</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Name,HostName,Site,Domain,Forest"><maml:name>Target</maml:name><maml:description><maml:para>Specifies either one or more (using a comma separated list) of Active Directory domain controllers, sites, domains, or forests. It will return results for all the domain controllers that are specified or that are part of the specified container. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue><dev:type><maml:name>Object[]</maml:name><maml:uri /></dev:type><dev:defaultValue>DCLocator; Provider: -Server of the connected drive</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that contains one or more Active Directory server objects. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADReplicationUpToDatenessVector</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A class structure that contains one or more Active Directory replication up-to-dateness (UTD) vector tables. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationUpToDatenessVectorTable -Target corp-DC01 </dev:code><dev:remarks><maml:para>This command gets the highest Update Sequence Number (USN) information for the default partition from corp-DC01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationUpToDatenessVectorTable -Target corp-DC01 -Scope Server </dev:code><dev:remarks><maml:para>This command gets the highest Update Sequence Number (USN) information for the default partition from corp-DC01 (same as above). </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationUpToDatenessVectorTable -Target corp-DC01,corp-DC02 -Partition Schema </dev:code><dev:remarks><maml:para>This command gets the highest Update Sequence Number (USN) information for the schema partition from corp-DC01 and corp-DC02. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationUpToDatenessVectorTable -Target NorthAmerica -Scope Site -Partition * </dev:code><dev:remarks><maml:para>This command gets the highest Update Sequence Number (USN) for all partitions from all the Domain Controllers in site NorthAmerica.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationUpToDatenessVectorTable -Target "corp.contoso.com" -Scope Domain -Partition Default </dev:code><dev:remarks><maml:para>This command gets the highest Update Sequence Number (USN) for the default partition from all the Domain Controllers in domain corp.contoso.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationUpToDatenessVectorTable -Target "corp.contoso.com" -Scope Forest -Partition Configuration </dev:code><dev:remarks><maml:para>This command gets the highest Update Sequence Number (USN) for the configuration partition from all the Domain Controllers in forest corp.contoso.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291047</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADResourceProperty</command:name><maml:description><maml:para>Gets one or more resource properties.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADResourceProperty</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADResourceProperty cmdlet gets one or more resource properties. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADResourceProperty</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADResourceProperty</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADResourceProperty</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue><dev:type><maml:name>ADResourceProperty</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourceProperty -Filter {SharesValuesWith -eq 'Country'} </dev:code><dev:remarks><maml:para>This command gets all the resource properties that refer to the claim type named Country for their suggested values. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourceProperty -Identity Authors </dev:code><dev:remarks><maml:para>This command gets the resource property with display name Authors. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291048</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADResourcePropertyList</command:name><maml:description><maml:para>Retrieves resource property lists from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADResourcePropertyList</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADResourcePropertyList cmdlet retrieves resource property lists from Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADResourcePropertyList</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADResourcePropertyList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADResourcePropertyList</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than "*", such as "?" are not supported by the Filter syntax.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Filter * </dev:code><dev:remarks><maml:para>This command retrieves a list of all resource property lists. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Filter {Members -eq 'Country'} </dev:code><dev:remarks><maml:para>This command retrieves all resource property lists that has the resource property Country in the list. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Identity "Global Resource Property List" </dev:code><dev:remarks><maml:para>This command retrieves the global resource property list. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291049</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADResourcePropertyValueType</command:name><maml:description><maml:para>Retrieves a resource property value type from Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADResourcePropertyValueType</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADResourcePropertyValueType cmdlet retrieves a resource property value type from Active Directory. The resource property value type supports the following Active Directory primitives (ValueType, IsSingleValued, RestrictValues) and a Boolean indicating whether SuggestedValues are allowed. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADResourcePropertyValueType</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}"</maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent></maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")"</maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"</maml:para><maml:para><JoinOperator> ::= "-and" | "-or"</maml:para><maml:para><NotOperator> ::= "-not"</maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute></maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>></maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADResourcePropertyValueType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyValueType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADResourcePropertyValueType</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}"</maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent></maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")"</maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"</maml:para><maml:para><JoinOperator> ::= "-and" | "-or"</maml:para><maml:para><NotOperator> ::= "-not"</maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute></maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>></maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyValueType</command:parameterValue><dev:type><maml:name>ADResourcePropertyValueType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyValueType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADResourcePropertyValueType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Default </maml:para><maml:para>1 ValueType </maml:para><maml:para>2 IsSingleValued </maml:para><maml:para>3 RestrictValues </maml:para><maml:para>4 AreSuggestedValuesPresent </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyValueType -Filter * | Format-Table Name </dev:code><dev:remarks><maml:para>This command retrieves the names of all resource property value types.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyValueType -Filter {ResourceProperties -eq 'Country' -or ResourceProperties -eq 'Authors'} </dev:code><dev:remarks><maml:para>This command retrieves all resource property value types that the resource properties Country and Authors use. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyValueType -Identity "MS-DS-Text" </dev:code><dev:remarks><maml:para>This command retrieves a resource property value type named MS-DS-Text.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291050</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADRootDSE</command:name><maml:description><maml:para>Gets the root of a Directory Server information tree. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADRootDSE</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADRootDSE cmdlet gets the conceptual object representing the root of the directory information tree of a directory server. This tree provides information about the configuration and capabilities of the directory server, such as the distinguished name for the configuration container, the current time on the directory server, and the functional levels of the directory server and the domain.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADRootDSE</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADRootDSE</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADRootDSE object that represents the data tree for the specified directory server is output by this cmdlet. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADRootDSE configurationNamingContext : CN=Configuration,DC=Fabrikam,DC=com currentTime : 3/18/2009 11:12:55 AM defaultNamingContext : DC=Fabrikam,DC=com dnsHostName : FABRIKAM-DC1.Fabrikam.com domainControllerFunctionality : Windows2008R2 domainFunctionality : Windows2003Domain dsServiceName : CN=NTDS Settings,CN=FABRIKAM-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com forestFunctionality : Windows2003Forest highestCommittedUSN : 23015 isGlobalCatalogReady : {TRUE} isSynchronized : {TRUE} ldapServiceName : Fabrikam.com:FABRIKAM-DC1$@FABRIKAM.COM namingContexts : {DC=Fabrikam,DC=com, CN=Configuration,DC=Fabrikam,DC=com, CN=Schema,CN=Configuration,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com...} rootDomainNamingContext : DC=Fabrikam,DC=com schemaNamingContext : CN=Schema,CN=Configuration,DC=Fabrikam,DC=com serverName : CN=FABRIKAM-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com subschemaSubentry : CN=Aggregate,CN=Schema,CN=Configuration,DC=Fabrikam,DC=com supportedCapabilities : {1.2.840.113556.1.4.800 (LDAP_CAP_ACTIVE_DIRECTORY_OID), 1.2.840.113556.1.4.1670 (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID), 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID), 1.2.840.113556.1.4.1935 (LDAP_CAP_ACTIVE_DIRECTORY_V61_OID)...} supportedControl : {1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING), 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID), 1.2.840.113556.1.4.473 (LDAP_SERVER_SORT_OID), 1.2.840.113556.1.4.528 (LDAP_SERVER_NOTIFICATION_OID)...} supportedLDAPPolicies : {MaxPoolThreads, MaxDatagramRecv, MaxReceiveBuffer, InitRecvTimeout...} supportedLDAPVersion : {3, 2} supportedSASLMechanisms : {GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} </dev:code><dev:remarks><maml:para>This command gets the rootDSE from the default domain controller. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADRootDSE -Server Fabrikam-RODC1 -Properties supportedExtension configurationNamingContext : CN=Configuration,DC=Fabrikam,DC=com currentTime : 3/18/2009 11:12:55 AM defaultNamingContext : DC=Fabrikam,DC=com dnsHostName : FABRIKAM-RODC1.Fabrikam.com domainControllerFunctionality : Windows2008R2 domainFunctionality : Windows2003Domain dsServiceName : CN=NTDS Settings,CN=FABRIKAM-RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com forestFunctionality : Windows2003Forest highestCommittedUSN : 23015 isGlobalCatalogReady : {TRUE} isSynchronized : {TRUE} ldapServiceName : Fabrikam.com:FABRIKAM-RODC1$@FABRIKAM.COM namingContexts : {DC=Fabrikam,DC=com, CN=Configuration,DC=Fabrikam,DC=com, CN=Schema,CN=Configuration,DC=Fabrikam,DC=com, DC=DomainDnsZones,DC=Fabrikam,DC=com...} rootDomainNamingContext : DC=Fabrikam,DC=com schemaNamingContext : CN=Schema,CN=Configuration,DC=Fabrikam,DC=com serverName : CN=FABRIKAM-RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com subschemaSubentry : CN=Aggregate,CN=Schema,CN=Configuration,DC=Fabrikam,DC=com supportedCapabilities : {1.2.840.113556.1.4.800 (LDAP_CAP_ACTIVE_DIRECTORY_OID), 1.2.840.113556.1.4.1670 (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID), 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID), 1.2.840.113556.1.4.1935 (LDAP_CAP_ACTIVE_DIRECTORY_V61_OID)...} supportedControl : {1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING), 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID), 1.2.840.113556.1.4.473 (LDAP_SERVER_SORT_OID), 1.2.840.113556.1.4.528 (LDAP_SERVER_NOTIFICATION_OID)...} supportedExtension : {1.3.6.1.4.1.1466.20037, 1.3.6.1.4.1.1466.101.119.1, 1.2.840.113556.1.4.1781, 1.3.6.1.4.1.4203.1.11.3} supportedLDAPPolicies : {MaxPoolThreads, MaxDatagramRecv, MaxReceiveBuffer, InitRecvTimeout...} supportedLDAPVersion : {3, 2} supportedSASLMechanisms : {GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} </dev:code><dev:remarks><maml:para>This command gets the rootDSE information including the supportedExtension property for Fabrikam-RODC1 server. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADRootDSE -Server "FABRIKAM-ADLDS1.Fabrikam.com:60000" -Credential "FABRIKAM\User1" configurationNamingContext : CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} currentTime : 3/18/2009 11:40:19 AM dnsHostName : FABRIKAM-ADLDS1.Fabrikam.com domainControllerFunctionality : Windows2008R2 dsServiceName : CN=NTDS Settings,CN=FABRIKAM-ADLDS1$instance1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C N=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} forestFunctionality : Windows2003Forest highestCommittedUSN : 13967 isSynchronized : {TRUE} namingContexts : {CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA}, CN=Schema,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA}, DC=AppNC} schemaNamingContext : CN=Schema,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} serverName : CN=FABRIKAM-ADLDS1$instance1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} subschemaSubentry : CN=Aggregate,CN=Schema,CN=Configuration,CN={9131D98B-E210-480F-A95D-24F9396898CA} supportedCapabilities : {1.2.840.113556.1.4.1851 (LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID), 1.2.840.113556.1.4.1670 (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID), 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID), 1.2.840.113556.1.4.1935 (LDAP_CAP_ACTIVE_DIRECTORY_V61_OID)...} supportedControl : {1.2.840.113556.1.4.319 (LDAP_PAGED_RESULT_OID_STRING), 1.2.840.113556.1.4.801 (LDAP_SERVER_SD_FLAGS_OID), 1.2.840.113556.1.4.473 (LDAP_SERVER_SORT_OID), 1.2.840.113556.1.4.528 (LDAP_SERVER_NOTIFICATION_OID)...} supportedLDAPPolicies : {MaxPoolThreads, MaxDatagramRecv, MaxReceiveBuffer, InitRecvTimeout...} supportedLDAPVersion : {3, 2} supportedSASLMechanisms : {GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5} </dev:code><dev:remarks><maml:para>This command gets the rootDSE information of FABRIKAM-ADLDS1 using the FABRIKAM\user1 credentials. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291051</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADServiceAccount</command:name><maml:description><maml:para>Gets one or more Active Directory managed service accounts or group managed service accounts.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADServiceAccount cmdlet gets a managed service account (MSA) or performs a search to retrieve MSAs.</maml:para><maml:para>The Identity parameter specifies the Active Directory MSA to get. You can identify a MSA by its distinguished name Members (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the parameter to a MSA object variable, such as $<localServiceaccountObject> or pass a MSA object through the pipeline to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one MSA, use the Filter or LDAPFilter parameters. The parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.</maml:para><maml:para>This cmdlet gets a default set of MSA object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for service account objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADServiceAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax:</maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}"</maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent></maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")"</maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"</maml:para><maml:para><JoinOperator> ::= "-and" | "-or"</maml:para><maml:para><NotOperator> ::= "-not"</maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute></maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>></maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADServiceAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax:</maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}"</maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent></maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")"</maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"</maml:para><maml:para><JoinOperator> ::= "-and" | "-or"</maml:para><maml:para><NotOperator> ::= "-not"</maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute></maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>></maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information, type Get-Help Get-Member. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects.</maml:para><maml:para>The default is $Null.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under. </maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Subtree</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more managed service account (MSA) objects.</maml:para><maml:para>This cmdlet returns a default set of ADService account property values. To retrieve additional ADService account properties, use the Properties parameter.</maml:para><maml:para>To view the properties for an ADService account object, see the following examples. To run these examples, replace <service account> with a MSA identifier such as the name of a MSA. </maml:para><maml:para>To get a list of the default set of properties of an ADService account object, use the following command: </maml:para><maml:para>Get-ADServiceAccount<service account>| Get-Member</maml:para><maml:para>To get a list of all the properties of an ADService account object, use the following command: </maml:para><maml:para>Get-ADServiceAccount<service account>-Properties ALL | Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADServiceAccount -Identity service1 Enabled : True Name : service1 UserPrincipalName : SamAccountName : service1$ ObjectClass : msDS-ManagedServiceAccount SID : S-1-5-21-159507390-2980359153-3438059098-29770 ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a HostComputers : DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com </dev:code><dev:remarks><maml:para>This command retrieves a service account with samAccountName service1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADServiceAccount -Identity S-1-5-21-159507390-2980359153-3438059098-29770 Enabled : True Name : service1 UserPrincipalName : SamAccountName : service1$ ObjectClass : msDS-ManagedServiceAccount SID : S-1-5-21-159507390-2980359153-3438059098-29770 ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a HostComputers : DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com </dev:code><dev:remarks><maml:para>This command retrieves the managed service account with SID S-1-5-21-159507390-2980359153-3438059098-29770. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADServiceAccount -Filter {HostComputers -eq "CN=SQL-Server-1, DC=contoso,DC=com" } Enabled : True Name : service1 UserPrincipalName : SamAccountName : service1$ ObjectClass : msDS-ManagedServiceAccount SID : S-1-5-21-159507390-2980359153-3438059098-29770 ObjectGUID : eaa435ee-6ebc-44dd-b4b6-dc1bb5bcd23a HostComputers : {CN=SQL-Server-1, DC=contoso,DC=com} DistinguishedName : CN=service1,CN=Managed Service Accounts,DC=contoso,DC=com </dev:code><dev:remarks><maml:para>This command finds the Managed Service Accounts installed on the computer CN=SQL-Server-1,DC=contoso,DC=com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291052</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Install-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Uninstall-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADTrust</command:name><maml:description><maml:para>Returns all trusted domain objects in the directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADTrust</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADTrust cmdlet returns all trusted domain objects in the directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADTrust</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADTrust</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrust</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADTrust</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an Active Directory input object. This parameter can accept one of the the following object types: -- ADForest -- ADDomain -- ADObject</maml:para><maml:para>The cmdlet will retrieve the corresponding ADTrust based on the input object specified.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADTrust</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter. </maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel.</maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrust</command:parameterValue><dev:type><maml:name>ADTrust</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an Active Directory input object. This parameter can accept one of the the following object types: -- ADForest -- ADDomain -- ADObject</maml:para><maml:para>The cmdlet will retrieve the corresponding ADTrust based on the input object specified.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set.</maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).</maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute.</maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADTrust</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A trusted domain object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADTrust</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADTrust -Filter * </dev:code><dev:remarks><maml:para>This command gets all the trusted domain objects in the forest.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADTrust -Filter {Target -eq "corp.contoso.com"} </dev:code><dev:remarks><maml:para>This command gets all the trusted domain objects with corp.contoso.com as the trust partner.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADTrust -Identity "corp.contoso.com" </dev:code><dev:remarks><maml:para>This command gets the trusted domain object with name corp.contoso.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291053</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADUser</command:name><maml:description><maml:para>Gets one or more Active Directory users.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADUser</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADUser cmdlet gets a user object or performs a search to retrieve multiple user objects. </maml:para><maml:para>The Identity parameter specifies the Active Directory user to get. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name or name. You can also set the parameter to a user object variable, such as $<localUserObject> or pass a user object through the pipeline to the Identity parameter. </maml:para><maml:para>To search for and retrieve more than one user, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter. </maml:para><maml:para>This cmdlet retrieves a default set of user object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for user objects, see the Properties parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADUser</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADUser</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-ADUser</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, type Get-Help about_ActiveDirectory_Filter.</maml:para><maml:para>Syntax: </maml:para><maml:para>The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter. </maml:para><maml:para><filter> ::= "{" <FilterComponentList> "}" </maml:para><maml:para><FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent> </maml:para><maml:para><FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")" </maml:para><maml:para><FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike" </maml:para><maml:para><JoinOperator> ::= "-and" | "-or" </maml:para><maml:para><NotOperator> ::= "-not" </maml:para><maml:para><attr> ::= <PropertyName> | <LDAPDisplayName of the attribute> </maml:para><maml:para><value>::= <compare this value with an <attr> by using the specified <FilterOperator>> </maml:para><maml:para>For a list of supported types for <value>, type Get-Help about_ActiveDirectory_ObjectModel. </maml:para><maml:para>Note: PowerShell wildcards other than *, such as ?, are not supported by the Filter syntax. </maml:para><maml:para>Note: To query using LDAP query strings, use the LDAPFilter parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LDAPFilter</maml:name><maml:description><maml:para>Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description or type Get-Help about_ActiveDirectory_Filter. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Property"><maml:name>Properties</maml:name><maml:description><maml:para>Specifies the properties of the output object to retrieve from the server. Use this parameter to retrieve properties that are not included in the default set. </maml:para><maml:para>Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk). </maml:para><maml:para>To specify an individual extended property, use the name of the property. For properties that are not default or extended properties, you must specify the LDAP display name of the attribute. </maml:para><maml:para>To retrieve properties and display them for an object, you can use the Get-* cmdlet associated with the object and pass the output to the <maml:navigationLink><maml:linkText>Get-Member</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query.</maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. </maml:para><maml:para>The default is $Null. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain. </maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value. </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Subtree</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A user object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more user objects. </maml:para><maml:para>This cmdlet returns a default set of ADUser property values. To retrieve additional ADUser properties, use the Properties parameter. </maml:para><maml:para>To get a list of the default set of properties of an ADUser object, use the following command:</maml:para><maml:para>Get-ADUser<user>| Get-Member</maml:para><maml:para>To get a list of the most commonly used properties of an ADUser object, use the following command:</maml:para><maml:para>Get-ADUser<user>-Properties Extended | Get-Member</maml:para><maml:para>To get a list of all the properties of an ADUser object, use the following command:</maml:para><maml:para>Get-ADUser<user>-Properties * | Get-Member</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command gets all users under the container OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName -A Name SamAccountName ---- -------------- SQL01 SvcAccount SQL01 SQL02 SvcAccount SQL02 IIS01 SvcAccount IIS01 </dev:code><dev:remarks><maml:para>This command gets all users that have a name that ends with SvcAccount.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Identity GlenJohn -Properties * Surname : John Name : Glen John UserPrincipalName : GivenName : Glen Enabled : False SamAccountName : GlenJohn ObjectClass : user SID : S-1-5-21-2889043008-4136710315-2444824263-3544 ObjectGUID : e1418d64-096c-4cb0-b903-ebb66562d99d DistinguishedName : CN=Glen John,OU=NorthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM </dev:code><dev:remarks><maml:para>This command gets all properties of the user with samAccountName GlenJohn. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter {Name -eq "GlenJohn"} -SearchBase "DC=AppNC" -Properties mail -Server lds.Fabrikam.com:50000 </dev:code><dev:remarks><maml:para>This command gets the user with name GlenJohn on the AD LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291054</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADUser</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ADUserResultantPasswordPolicy</command:name><maml:description><maml:para>Gets the resultant password policy for a user.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADUserResultantPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ADUserResultantPasswordPolicy cmdlet gets the resultant password policy object (RSoP) for a user. The RSoP is defined by the Active Directory attribute named msDS-ResultantPSO. </maml:para><maml:para>A user can have multiple password policy objects (PSOs) associated with it, but only one PSO is the RSoP. A PSO is associated with a user when the PSO applies directly to the user or when the PSO applies to an Active Directory group that contains the user. When more than one PSO policy is associated with a user or group, the RSoP value defines the PSO to apply. </maml:para><maml:para>The resultant password policy or RSoP for a user is determined by using the following procedure: -- If only one PSO is associated with a user, this PSO is the RSoP. -- If more than one PSO is associated with a user, the PSO that applies directly to the user is the RSoP. -- If more than one PSO applies directly to the user, the PSO with the lowest msDS-PasswordSettingsPrecedence attribute value is the RSoP and this event is logged as a warning in the Active Directory event log. The lowest attribute value represents the highest PSO precedence. For example, if the msDS-PasswordSettingsPrecedence values of two PSOs are 100 and 200, the PSO with the attribute value of 100 is the RSoP. -- If there are no PSOs that apply directly to the user, the PSOs of the global security groups that have the user as a member are compared. The PSO with the lowest msDS-PasswordSettingsPrecedence value is the RSoP.</maml:para><maml:para>The Identity parameter specifies the Active Directory user. You can identify a user by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a user object variable, such as $<localUserObject> or pass a user object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser cmdlet to retrieve a user object and then pass the object through the pipeline to the Get-ADUserResultantPasswordPolicy cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADUserResultantPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- Security Identifier (objectSid) -- SAM account name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- Security Identifier (objectSid) -- SAM account name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A user object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns a fine grained password policy object that represents the resultant password policy for the user. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUserResultantPasswordPolicy -Identity BobKe Name : DomainUsersPSO ComplexityEnabled : True LockoutThreshold : 10 ReversibleEncryptionEnabled : False LockoutDuration : 12:00:00 LockoutObservationWindow : 00:15:00 MinPasswordLength : 8 Precedence : 500 ObjectGUID : f8d2653c-9b3b-499e-b272-4c7f4268df4c ObjectClass : msDS-PasswordSettings PasswordHistoryCount : 24 MinPasswordAge : 1.00:00:00 MaxPasswordAge : 60.00:00:00 AppliesTo : {CN=Domain Users,CN=Users,DC=FABRIKAM,DC=COM} DistinguishedName : CN=DomainUsersPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM </dev:code><dev:remarks><maml:para>This command gets the resultant password policy for the user with samAccountName BobKe. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291055</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Grant-ADAuthenticationPolicySiloAccess</command:name><maml:description><maml:para>Grants permission to join an authentication policy silo.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Grant</command:verb><command:noun>ADAuthenticationPolicySiloAccess</command:noun><dev:version /></command:details><maml:description><maml:para>The Grant-ADAuthenticationPolicySiloAccess cmdlet grants permission to an account to join an authentication policy silo in Active Directory® Domain Services.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Grant-ADAuthenticationPolicySiloAccess</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an ADAuthenticationPolicySilo object. Specify the authentication policy silo object in one of the following formats: -- A Distinguished Name -- A GUID -- A Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Account</maml:name><maml:description><maml:para>Specifies the account to which to grant access to the authentication policy silo. Specify the account in one of the following formats: -- A Distinguished Name -- A GUID -- A Security Identifier -- A SAM Account Name </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>You can also use this parameter to specify a variable that contains user, computer, and service account objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- A Fully qualified domain name ---- A NetBIOS name -- Directory server values: ---- A Fully qualified directory server name ---- A NetBIOS name ----A Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Account</maml:name><maml:description><maml:para>Specifies the account to which to grant access to the authentication policy silo. Specify the account in one of the following formats: -- A Distinguished Name -- A GUID -- A Security Identifier -- A SAM Account Name </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>You can also use this parameter to specify a variable that contains user, computer, and service account objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an ADAuthenticationPolicySilo object. Specify the authentication policy silo object in one of the following formats: -- A Distinguished Name -- A GUID -- A Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- A Fully qualified domain name ---- A NetBIOS name -- Directory server values: ---- A Fully qualified directory server name ---- A NetBIOS name ----A Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount, Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Grant access to an authentication policy silo to a user account</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Grant-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo01 -Account User01 </dev:code><dev:remarks><maml:para>This command grants access to the authentication policy silo named AuthenticationPolicySilo01 to the user account named User01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: grant access to an authentication policy silo for filter matches</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter 'Name -like "newComputer*"' | Grant-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo01 </dev:code><dev:remarks><maml:para>This example first uses the Get-ADComputer cmdlet to get a list of computers that match the filter specified by the Filter parameter. The output is then passed to the Grant-ADAuthenticationPolicySiloAccess to grant access to the authentication policy silo named AuthenticationPolicySilo02. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=288446</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Revoke-ADAuthenticationPolicySiloAccess</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Install-ADServiceAccount</command:name><maml:description><maml:para>Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Install</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Install-ADServiceAccount cmdlet installs an existing Active Directory managed service account (MSA) on the computer on which the cmdlet is run. This cmdlet verifies that the computer is eligible to host the MSA. The cmdlet also makes the required changes locally so that the MSA password can be managed without requiring any user action.</maml:para><maml:para>The Identity parameter specifies the Active Directory MSA to install. You can identify a MSA by its distinguished name Members (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a MSA object variable, such as $<localServiceaccountObject> or pass a MSA object through the pipeline to the Identity parameter. For example, you can use Get-ADServiceAccount to get a MSA object and then pass the object through the pipeline to the Install-ADServiceAccount.</maml:para><maml:para>The AccountPassword parameter allows you to pass a SecureString that contains the password of a standalone MSA and is ignored for group MSAs. Alternatively you can use PromptForPassword parameter to be prompted for the standalone MSA password. You need to enter the password of a standalone MSA if you want to install an account that you have pre-provisioned early on. This is required when you are installing a standalone MSA on a server located on a segmented network (site) with no access to writable DCs but only RODCs (e.g. perimeter network or DMZ). In this case you should create the standalone MSA, link it with the appropriate computer account and assign a well-known password that needs to be passed when installing the standalone MSA on the server on the RODC-only site with no access to writable DCs. If you pass both AccountPassword and PromptForPassword parameters the AccountPassword parameter takes precedence.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Install-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies the account password as a secure string. The parameter will allow you to inline pass-in the password of a standalone Managed Service Account (MSA) that you have pre-provisioned early on and is ignored for group MSAs. This is required when you are installing a standalone MSA on a server located on a segmented network (site) with no access to writable DCs but only RODCs (e.g. perimeter network or DMZ). In this case you should create the standalone MSA, link it with the appropriate computer account and assign a well-known password that needs to be passed when installing the standalone MSA on the server on the RODC-only site with no access to writable DCs. If you pass both AccountPassword and PromptForPassword parameters the AccountPassword parameter takes precedence.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. Possible values for this parameter include: The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces installation of the service account.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PromptForPassword</maml:name><maml:description><maml:para>Indicates that you can enter the password of a standalone Managed Service Account (MSA) that you have pre-provisioned early on and ignored for group MSAs. This is required when you are installing a standalone MSA on a server located on a segmented network (site) with no access to writable DCs but only RODCs (e.g. perimeter network or DMZ). In this case you should create the standalone MSA, link it with the appropriate computer account and assign a well-known password that needs to be passed when installing the standalone MSA on the server on the RODC-only site with no access to writable DCs. If you pass both AccountPassword and PromptForPassword parameters the AccountPassword parameter takes precedence. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies the account password as a secure string. The parameter will allow you to inline pass-in the password of a standalone Managed Service Account (MSA) that you have pre-provisioned early on and is ignored for group MSAs. This is required when you are installing a standalone MSA on a server located on a segmented network (site) with no access to writable DCs but only RODCs (e.g. perimeter network or DMZ). In this case you should create the standalone MSA, link it with the appropriate computer account and assign a well-known password that needs to be passed when installing the standalone MSA on the server on the RODC-only site with no access to writable DCs. If you pass both AccountPassword and PromptForPassword parameters the AccountPassword parameter takes precedence.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. Possible values for this parameter include: The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces installation of the service account.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PromptForPassword</maml:name><maml:description><maml:para>Indicates that you can enter the password of a standalone Managed Service Account (MSA) that you have pre-provisioned early on and ignored for group MSAs. This is required when you are installing a standalone MSA on a server located on a segmented network (site) with no access to writable DCs but only RODCs (e.g. perimeter network or DMZ). In this case you should create the standalone MSA, link it with the appropriate computer account and assign a well-known password that needs to be passed when installing the standalone MSA on the server on the RODC-only site with no access to writable DCs. If you pass both AccountPassword and PromptForPassword parameters the AccountPassword parameter takes precedence. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>To successfully install a service account, the service account should have the PrincipalsAllowedToRetrieveManagedPassword parameter option set first by using either the New-ADServiceAccount or Set-ADServiceAccount cmdlet first. Otherwise, installation will fail.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Install-ADServiceAccount -Identity 'SQL-HR-svc-01' </dev:code><dev:remarks><maml:para>This command installs a Managed Service Account with name SQL-HR-svc-01 on the local computer. If a Group Managed Service Account is used, the service account must have the PrincipalsAllowedToRetrieveManagedPassword property set. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$a = Get-ADServiceAccount -Filter { Name -eq 'SQL-HR-svc-01'} PS C:\> Install-ADServiceAccount $a </dev:code><dev:remarks><maml:para>This command gets a Managed Service Account with name SQL-HR-svc-01 from the default directory and installs it on the local machine. If a Group Managed Service Account is used, the service account must have the PrincipalsAllowedToRetrieveManagedPassword property set. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Install-ADServiceAccount -Identity 'SQL-HR-svc-01' -PromptForPassword Please enter the current password for 'CN=SQL-HR-svc-01,CN=Managed Service Accounts,DC=contoso,DC=com' Password: ******* </dev:code><dev:remarks><maml:para>This command installs a standalone Managed Service Account with name SQL-HR-svc-01 in a RODC-only site with not access to writable DCs. If a Group Managed Service Account is used, the service account must have the PrincipalsAllowedToRetrieveManagedPassword property set. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Install-ADServiceAccount -Identity 'SQL-HR-svc-01' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) </dev:code><dev:remarks><maml:para>This command installs a standalone Managed Service Account with name SQL-HR-svc-01 in a RODC-only site with not access to writable DCs passing the account password as a secure string. If a Group Managed Service Account is used, the service account must have the PrincipalsAllowedToRetrieveManagedPassword property set. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291056</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Reset-ADServiceAccountPassword</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Uninstall-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Move-ADDirectoryServer</command:name><maml:description><maml:para>Moves a directory server in Active Directory to a new site. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Move</command:verb><command:noun>ADDirectoryServer</command:noun><dev:version /></command:details><maml:description><maml:para>The Move-ADDirectoryServer cmdlet moves a directory server in Active Directory to a new site within the same domain. </maml:para><maml:para>The Identity parameter specifies the directory server to move. You can specify a directory server object by one of the following values: -- Name of the server object (name) -- Distinguished Name (DN) of the NTDS Settings object -- Distinguished Name (DN) of the server object that represents the directory server -- GUID (objectGUID) of server object under the configuration partition -- GUID (objectGUID) of NTDS settings object under the configuration partition</maml:para><maml:para>You can also set the Identity parameter to a directory server object variable such as $<localDirectoryServerObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomainController cmdlet to get a directory server object and then pass that object through the pipeline to the Move-ADDirectoryServer cmdlet. </maml:para><maml:para>The Site parameter specifies the new site for the directory server. You can identify a site by its distinguished name (DN) or GUID. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Move-ADDirectoryServer</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory server object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>-- Name of the server object (name)</maml:para><maml:para>For AD LDS instances the syntax is of a name is <computer-name>$<instance-name></maml:para><maml:para>Note: When you type this value in Windows PowerShell, you must use the backtick (`) as an escape character for the dollar sign ($), for example, asia-w7-vm4`$instance1. </maml:para><maml:para>For other Active Directory instances, use the value of the name property. -- Distinguished Name of the NTDS Settings object -- Distinguished Name of the server object that represents the directory server -- GUID (objectGUID) of server object under the configuration partition -- GUID (objectGUID) of NTDS settings object under the configuration partition</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Site</maml:name><maml:description><maml:para>Specifies the new site for the directory server. You can identify the site by one of the following property values. Note: The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- Name (name)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory server object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>-- Name of the server object (name)</maml:para><maml:para>For AD LDS instances the syntax is of a name is <computer-name>$<instance-name></maml:para><maml:para>Note: When you type this value in Windows PowerShell, you must use the backtick (`) as an escape character for the dollar sign ($), for example, asia-w7-vm4`$instance1. </maml:para><maml:para>For other Active Directory instances, use the value of the name property. -- Distinguished Name of the NTDS Settings object -- Distinguished Name of the server object that represents the directory server -- GUID (objectGUID) of server object under the configuration partition -- GUID (objectGUID) of NTDS settings object under the configuration partition</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue><dev:type><maml:name>ADDirectoryServer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Site</maml:name><maml:description><maml:para>Specifies the new site for the directory server. You can identify the site by one of the following property values. Note: The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- Name (name)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A directory server object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADDirectoryServer -Identity "FABRIKAM-DC2" -Site "Branch-Office-Site" </dev:code><dev:remarks><maml:para>This command moves the domain controller FABRIKAM-DC2 to the site Branch-Office-Site.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomainController -Filter {IsReadOnly -eq $true} | Move-ADDirectoryServer -site "RODC-Site-Name" </dev:code><dev:remarks><maml:para>This command moves all Read Only Domain Controllers to the site RODC-Site-Name.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291057</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Move-ADDirectoryServerOperationMasterRole</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Move-ADDirectoryServerOperationMasterRole</command:name><maml:description><maml:para>Moves operation master roles to an Active Directory directory server. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Move</command:verb><command:noun>ADDirectoryServerOperationMasterRole</command:noun><dev:version /></command:details><maml:description><maml:para>The Move-ADDirectoryServerOperationMasterRole cmdlet moves one or more operation master roles to a directory server. You can move operation master roles to a directory server in a different domain if the credentials are the same in both domains. </maml:para><maml:para>The Identity parameter specifies the directory server that receives the roles. You can specify a directory server object by one of the following values: -- Name of the server object (name) -- Distinguished Name (DN) of the NTDS Settings object -- Distinguished Name (DN) of the server object that represents the directory server -- GUID (objectGUID) of server object under the configuration partition -- GUID (objectGUID) of NTDS settings object under the configuration partition </maml:para><maml:para>For AD LDS instances the syntax for the server object name is <computer-name>$<instance-name>. The following is an example of this syntax: </maml:para><maml:para>asia-w7-vm4$instance1 </maml:para><maml:para>When you type this value in Windows PowerShell, you must use the backtick (`) as an escape character for the dollar sign ($). Therefore, for this example, you would type the following: </maml:para><maml:para>asia-w7-vm4`$instance1 </maml:para><maml:para>You can also set the parameter to a directory server object variable, such as $<localDirectoryServerObject>. </maml:para><maml:para>The Move-ADDirectoryServerOperationMasteRole cmdlet provides two options for moving operation master roles:</maml:para><maml:para>1. Role transfer, which involves transferring roles to be moved by running the cmdlet using the Identity parameter to specify the current role holder and the OperationMasterRole parameter to specify the roles for transfer. This is the recommended option. </maml:para><maml:para>Operation roles include PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, or DomainNamingMaster. To specify more than one role, use a comma-separated list. </maml:para><maml:para>2. Role seizure, which involves seizing roles you previously attempted to transfer by running the cmdlet a second time using the same parameters as the transfer operation, and adding the Force parameter. The Force parameter must be used as a switch to indicate that seizure, instead of transfer, of operation master roles is being performed. This operation still attempts graceful transfer first, then seizes if transfer is not possible. </maml:para><maml:para>Unlike using Ntdsutil.exe to move operation master roles, the Move-ADDirectoryServerOperationMasteRole cmdlet can be remotely executed from any domain joined computer where the Active Directory PowerShell administration module is installed and available for use. This can make the process of moving roles simpler and easier to centrally administer as each of the two command operations required can be run remotely and do not have to be locally executed at each of the corresponding role holders involved in the movement of the roles, i.e. role transfer only allowed at the old role holder, role seizure only allowed at the new role holder. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Move-ADDirectoryServerOperationMasterRole</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory server object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>-- Name of the server object (name) </maml:para><maml:para>For AD LDS instances the syntax is of a name is <computer-name>$<instance-name>.</maml:para><maml:para>Note: When you type this value in Windows PowerShell, you must use the backtick (`) as an escape character for the dollar sign ($). For instance, asia-w7-vm4`$instance1. </maml:para><maml:para>For other Active Directory instances, use the value of the name property. -- Distinguished Name of the NTDS Settings object -- Distinguished Name of the server object that represents the directory server -- GUID (objectGUID) of server object under the configuration partition -- GUID (objectGUID) of NTDS settings object under the configuration partition </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>OperationMasterRole</maml:name><maml:description><maml:para>Specifies one or more operation master roles to move to the specified directory server in Active Directory Domain Services. The acceptable values for this parameter are: -- PDCEmulator or 0 -- RIDMaster or 1 -- InfrastructureMaster or 2 -- SchemaMaster or 3 -- DomainNamingMaster or 4</maml:para><maml:para>To specify multiple operation master roles, use a comma-separated list. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="true">PDCEmulator</command:parameterValue><command:parameterValue required="true" variableLength="true">RIDMaster</command:parameterValue><command:parameterValue required="true" variableLength="true">InfrastructureMaster</command:parameterValue><command:parameterValue required="true" variableLength="true">SchemaMaster</command:parameterValue><command:parameterValue required="true" variableLength="true">DomainNamingMaster</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Indicates that the cmdlet is used for seize operations on domain controllers with the flexible single master operations (FSMO) role.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Indicates that the cmdlet is used for seize operations on domain controllers with the flexible single master operations (FSMO) role.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory server object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>-- Name of the server object (name) </maml:para><maml:para>For AD LDS instances the syntax is of a name is <computer-name>$<instance-name>.</maml:para><maml:para>Note: When you type this value in Windows PowerShell, you must use the backtick (`) as an escape character for the dollar sign ($). For instance, asia-w7-vm4`$instance1. </maml:para><maml:para>For other Active Directory instances, use the value of the name property. -- Distinguished Name of the NTDS Settings object -- Distinguished Name of the server object that represents the directory server -- GUID (objectGUID) of server object under the configuration partition -- GUID (objectGUID) of NTDS settings object under the configuration partition </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue><dev:type><maml:name>ADDirectoryServer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>OperationMasterRole</maml:name><maml:description><maml:para>Specifies one or more operation master roles to move to the specified directory server in Active Directory Domain Services. The acceptable values for this parameter are: -- PDCEmulator or 0 -- RIDMaster or 1 -- InfrastructureMaster or 2 -- SchemaMaster or 3 -- DomainNamingMaster or 4</maml:para><maml:para>To specify multiple operation master roles, use a comma-separated list. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADOperationMasterRole[]</command:parameterValue><dev:type><maml:name>ADOperationMasterRole[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>See notes</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A directory server object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDirectoryServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified directory server object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADDirectoryServerOperationMasterRole -Identity "FABRIKAM-DC1" -OperationMasterRole PDCEmulator </dev:code><dev:remarks><maml:para>This command moves the PDC Emulator role to the Domain Controller FABRIKAM-DC1.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADDirectoryServerOperationMasterRole -Identity "FABRIKAM-DC2" -OperationMasterRole PDCEmulator,SchemaMaster </dev:code><dev:remarks><maml:para>This command moves the PDC Emulator and Schema Master roles to the Domain Controller FABRIKAM-DC2.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADDirectoryServerOperationMasterRole -Identity Fabrikam-DC`$instance1 -OperationMasterRole schemaMaster -server Fabrikam-DC:50000 </dev:code><dev:remarks><maml:para>This command moves the schema master FSMO owner to the AD LDS instance instance1 on the server Fabrikam-DC.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADDirectoryServerOperationMasterRole -Identity FABRIKAM-DC1 -OperationMasterRole RIDMaster,InfrastructureMaster,DomainNamingMaster -Force </dev:code><dev:remarks><maml:para>This command seizes the roles RID master, infrastructure master, and domain naming master. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code> PS C:\>$server = Get-ADDomainController -Identity "TK5-CORP-DC-10.fabrikam.com" PS C:\> Move-ADDirectoryServerOperationMasterRole -Identity $server -OperationMasterRole SchemaMaster,DomainNamingMaster,PDCEmulator,RIDMaster,InfrastructureMaster </dev:code><dev:remarks><maml:para>This command transfers the flexible single master operations (FSMO) role to the specified domain controller. When using the fully qualified domain name (FQDN) to identify the domain controller, the Get-ADDomainController cmdlet must be used first as a preliminary step. There is a known issue where the Move-ADDirectoryServerOperationMasterRole cmdlet fails when an FQDN is specified directly as the value of the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291058</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Move-ADDirectoryServer</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Move-ADObject</command:name><maml:description><maml:para>Moves an Active Directory object or a container of objects to a different container or domain. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Move</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Move-ADObject cmdlet moves an object or a container of objects from one container to another or from one domain to another. </maml:para><maml:para>The Identity parameter specifies the Active Directory object or container to move. You can identify an object or container by its distinguished name (DN) or GUID. You can also set the Identity parameter to an object variable such as $<localObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADObject cmdlet to retrieve an object and then pass the object through the pipeline to the Move-ADObject cmdlet. You can also use the Get-ADGroup, Get-ADUser, Get-ADComputer, Get-ADServiceAccount, Get-ADOrganizationalUnit, and Get-ADFineGrainedPasswordPolicy cmdlets to get an object that you can pass through the pipeline to this cmdlet. </maml:para><maml:para>The TargetPath parameter must be specified. This parameter identifies the new location for the object or container. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Move-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>TargetPath</maml:name><maml:description><maml:para>Specifies the new location for the object. This location must be the path to a container or organizational unit. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TargetServer</maml:name><maml:description><maml:para>Specifies the Active Directory instance to use by providing the following value for a corresponding domain name or directory server. </maml:para><maml:para>Note: A cross domain move requires a FQDN server name. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN)</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- Fully qualified directory server name and port </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>TargetPath</maml:name><maml:description><maml:para>Specifies the new location for the object. This location must be the path to a container or organizational unit. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TargetServer</maml:name><maml:description><maml:para>Specifies the Active Directory instance to use by providing the following value for a corresponding domain name or directory server. </maml:para><maml:para>Note: A cross domain move requires a FQDN server name. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN)</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- Fully qualified directory server name and port </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.AObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter. Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADObject -Identity "OU=ManagedGroups,DC=Fabrikam,DC=Com" -TargetPath "OU=Managed,DC=Fabrikam,DC=Com" </dev:code><dev:remarks><maml:para>This command moves the Organizational Unit ManagedGroups to a new location. The OU ManagedGroups must not be protected from accidental deletion for the successful move.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADObject -Identity "8d0bcc44-c826-4dd8-af5c-2c69960fbd47" -TargetPath "OU=Managed,DC=Fabrikam,DC=Com" </dev:code><dev:remarks><maml:para>This command moves the object identified by the specified GUID to the new location.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADObject -Identity "8d0bcc44-c826-4dd8-af5c-2c69960fbd47" -TargetPath "1c2ea8a8-c2b7-4a87-8190-0e8a166aee16" </dev:code><dev:remarks><maml:para>This command moves an object to a new location. Both the object and the target path are specified using GUIDs. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADObject -Identity "CN=Peter Bankov,OU=Accounting,DC=Fabrikam,DC=com" -TargetPath "OU=Accounting,DC=Europe,DC=Fabrikam,DC=com" -TargetServer "server01.europe.fabrikam.com" </dev:code><dev:remarks><maml:para>This command moves an object with DistinguishedName CN=Peter Bankov,OU=Accounting,DC=Fabrikam,DC=com to a different domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Move-ADObject -Identity "CN=AccountLeads,DC=AppNC" -TargetPath "OU=AccountDeptOU,DC=AppNC" -Server "FABRIKAM-SRV1:60000" </dev:code><dev:remarks><maml:para>This command moves an object to a new location within an LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291059</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Rename-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADAuthenticationPolicy</command:name><maml:description><maml:para>Creates an Active Directory Domain Services authentication policy object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADAuthenticationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADAuthenticationPolicy creates an authentication policy object in Active Directory® Domain Services. </maml:para><maml:para>Commonly used attributes of the object can be specified by the parameters of this cmdlet. To set attributes for the object that are not represented by the parameters of this cmdlet, specify the OtherAttributes parameter. </maml:para><maml:para>You can use the pipeline operator and the <maml:navigationLink><maml:linkText>Import-Csv</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet to pass a list for bulk creation of objects in the directory. You can also specify a template object by using the Instance parameter to create objects from a template.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADAuthenticationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory Domain Services object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComputerAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the security descriptor definition language (SDDL) string of the security descriptor used to determine if the computer can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComputerTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable ticket granting tickets (TGTs) for computer accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates that the authentication policy is enforced. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an ADAuthenticationPolicy object to use as a template for a new ADAuthenticationPolicyobject. To get the ADAuthenticationPolicy object to use as a template, use the Get-ADAuthenticationPolicy cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies a list of object attribute values for attributes that are not represented by other parameters. You can set one or more attributes at the same time with this parameter, and if an attribute takes more than one value you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory Domain Services schema.</maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the service can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the service can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for service accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the users can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the users can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for user accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComputerAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the security descriptor definition language (SDDL) string of the security descriptor used to determine if the computer can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComputerTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable ticket granting tickets (TGTs) for computer accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates that the authentication policy is enforced. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an ADAuthenticationPolicy object to use as a template for a new ADAuthenticationPolicyobject. To get the ADAuthenticationPolicy object to use as a template, use the Get-ADAuthenticationPolicy cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory Domain Services object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies a list of object attribute values for attributes that are not represented by other parameters. You can set one or more attributes at the same time with this parameter, and if an attribute takes more than one value you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory Domain Services schema.</maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the service can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the service can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for service accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the users can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the users can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for user accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String: System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], System.Management.Automation.SwitchParameter: System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Create an authentication policy with a user TGT lifetime</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy01" -UserTGTLifetimeMins 60 </dev:code><dev:remarks><maml:para>This command creates an authentication policy object named AuthenticationPolicy01 and sets the TGT lifetime for a user account to 60 minutes. Because the Enforce parameter is not specified, the authentication policy created is in audit mode. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Create an enforced authentication policy </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy02" -Enforce </dev:code><dev:remarks><maml:para>This command creates an authentication policy named AuthenticationPolicy02 and enforces it by specifying the Enforce parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Create an authentication policy</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\someFile.txt).sddl </dev:code><dev:remarks><maml:para>This command creates an authentication policy named TestAuthenticationPolicy. The UserAllowedToAuthenticationFrom parameter specifies the devices from which users are allowed to authenticate by an SDDL string in the file named someFile.txt</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=288462</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADAuthenticationPolicySilo</command:name><maml:description><maml:para>Creates an Active Directory Domain Services authentication policy silo object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADAuthenticationPolicySilo</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADAuthenticationPolicySilo cmdlet creates an authentication policy silo object in Active Directory® Domain Services. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADAuthenticationPolicySilo</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory Domain Services object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComputerAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to computer accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates that the authentication policy silo is enforced.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an ADAuthenticationPolicySilo object to use as a template for a new ADAuthenticationPolicySilo object. To get the ADAuthenticationPolicySilo object to use as a template, use the Get-ADAuthenticationPolicySilo cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies a list of object attribute values for attributes that are not represented by other parameters. You can set one or more attributes at the same time with this parameter, and if an attribute takes more than one value you can assign multiple values. To identify an attribute, specify the LDAP Display Name (ldapDisplayName) defined for it in the Active Directory Domain Services schema. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to managed service accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to user accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComputerAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to computer accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates that the authentication policy silo is enforced.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an ADAuthenticationPolicySilo object to use as a template for a new ADAuthenticationPolicySilo object. To get the ADAuthenticationPolicySilo object to use as a template, use the Get-ADAuthenticationPolicySilo cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory Domain Services object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies a list of object attribute values for attributes that are not represented by other parameters. You can set one or more attributes at the same time with this parameter, and if an attribute takes more than one value you can assign multiple values. To identify an attribute, specify the LDAP Display Name (ldapDisplayName) defined for it in the Active Directory Domain Services schema. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServiceAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to managed service accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to user accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy, System.String, System.Management.Automation.SwitchParameter: System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Create an authentication policy silo and enforce it</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADAuthenticationPolicySilo -Name AuthenticationPolicySilo01 -Enforce </dev:code><dev:remarks><maml:para>This command creates an authentication policy silo object and enforces it.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Create an authentication policy silo without enforcement</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADAuthenticationPolicySilo -Name AuthenticationPolicySilo02 </dev:code><dev:remarks><maml:para>This command creates an authentication policy silo object but does not enforce it.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=290130</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADCentralAccessPolicy</command:name><maml:description><maml:para>Creates a new central access policy in Active Directory containing a set of central access rules. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADCentralAccessPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADCentralAccessPolicy cmdlet creates a new central access policy in Active Directory. A central access policy in Active Directory contains a set of central access rules. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADCentralAccessPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object.</maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object.</maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object that is a template for the new object is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new central access policy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$DepartmentResourceProperty = Get-ADResourceProperty -Identity Department PS C:\> $ResourceCondition = "(@RESOURCE." + $DepartmentResourceProperty.Name + " Contains {`"Finance`"})" PS C:\> New-ADCentralAccessRule -Name "Finance Documents Rule" -ResourceCondition $ResourceCondition </dev:code><dev:remarks><maml:para>This example creates a new central access rule named Finance Documents Rule with a new resource condition. The resource condition scopes the resources to ones containing the value Finance in their Department resource property.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$CountryClaimType = Get-ADClaimType -Identity Country PS C:\> $DepartmentClaimType = Get-ADClaimType -Identity Department PS C:\> $CountryResourceProperty = Get-ADResourceProperty -Identity Country PS C:\> $DepartmentResourceProperty = Get-ADResourceProperty -Identity Department PS C:\> $FinanceException = Get-ADGroup -Identity FinanceException PS C:\> $FinanceAdmin = Get-ADGroup -Identity FinanceAdmin PS C:\> $ResourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})" PS C:\> $CurrentAcl = "O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;0x1200a9;;;" + $FinanceException.SID.Value + ")(A;;0x1301bf;;;" + $FinanceAdmin.SID.Value + ")(A;;FA;;;SY)(XA;;0x1200a9;;;AU;((@USER." + $CountryClaimType.Name + " Any_of @RESOURCE." + $CountryResourceProperty.Name + ") && (@USER." + $DepartmentClaimType.Name + " Any_of @RESOURCE." + $DepartmentResourceProperty.Name + ")))" PS C:\> Set-ADCentralAccessRule -Identity "Finance Documents Rule" -ResourceCondition $ResourceCondition -CurrentAcl $CurrentAcl </dev:code><dev:remarks><maml:para>This example creates a new central access rule named Finance Documents Rule with a new resource condition and new permissions. </maml:para><maml:para>The new rule specifies that documents should only be read by members of the Finance department. Members of the Finance department should only be able to access documents in their own country. Only Finance Administrators should have write access. The rule allows an exception for members of the FinanceException group. This group will have read access.</maml:para><maml:para>Targeting: -- Resource.Department Contains Finance</maml:para><maml:para>Access rules: -- Allow Read User.Country=Resource.Country AND User.department = Resource.Department -- Allow Full control User.MemberOf(FinanceAdmin) -- Allow Read User.Country=Resource.Country AND User.department = Resource.DepartmentAllow Read User.MemberOf(FinanceException)</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Identity "Finance Policy" | New-ADCentralAccessPolicy -Name "Human Resources Policy" -Description "For the Human Resources Department." </dev:code><dev:remarks><maml:para>This example creates a new central access policy named Human Resources Policy using the property values from Finance Policy, and set the description to For the Human Resources Department. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291060</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADCentralAccessRule</command:name><maml:description><maml:para>Creates a new central access rule in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADCentralAccessRule</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADCentralAccessRule cmdlet creates a new central access rule in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADCentralAccessRule</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CurrentAcl</maml:name><maml:description><maml:para>Specifies the currently effective access control list (ACL) of the rule. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object.</maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProposedAcl</maml:name><maml:description><maml:para>This parameter specifies the proposed accessed control list (ACL) of the rule. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ResourceCondition</maml:name><maml:description><maml:para>This parameter specifies the resource condition of the rule.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CurrentAcl</maml:name><maml:description><maml:para>Specifies the currently effective access control list (ACL) of the rule. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object.</maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue><dev:type><maml:name>ADCentralAccessRule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProposedAcl</maml:name><maml:description><maml:para>This parameter specifies the proposed accessed control list (ACL) of the rule. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ResourceCondition</maml:name><maml:description><maml:para>This parameter specifies the resource condition of the rule.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessRule</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object that is a template for the new object is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessRule</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new central access rule object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADCentralAccessRule -Name "Finance Documents Rule" </dev:code><dev:remarks><maml:para>This command creates a new central access rule named Finance Documents Rule.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291061</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADClaimTransformPolicy</command:name><maml:description><maml:para>Creates a new claim transformation policy object in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADClaimTransformPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADClaimTransformPolicy cmdlet creates a new claims transformation policy object in Active Directory. A claims transformation policy object contains a set of rules authored in the transformation rule language. After creating a policy object, you can link it with a forest trust to apply the claims transformation to the trust.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password.</maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowAll</maml:name><maml:description><maml:para>Indicates that the policy sets a claims transformation rule that would allow all claims to be sent or received.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password.</maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the policy sets a claims transformation rule that would allow all claims to be sent or received except for the specified claim types. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password.</maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DenyAll</maml:name><maml:description><maml:para>Indicates that the policy sets a claims transformation rule that would deny all claims to be sent or received. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password.</maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DenyAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the policy sets a claims transformation rule that would deny all claims to be sent or received except for the specified claim types. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password.</maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new claims transformation policy object.</maml:para><maml:para>You can use an instance of an existing claims transformation policy object as a template or you can construct a new claims transformation policy object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claims transformation policy object as a template for a new object. To retrieve an instance of an existing claims transformation policy object, use a cmdlet such as Get-ADClaimTransformPolicy. Then provide this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create a new claims transformation policy object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADClaimsTransformationPolicy and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Rule</maml:name><maml:description><maml:para>Represents the claims transformation rule. To specify the rule, you can either (1) type the rule in a text file, and then pass the file to the cmdlet (recommended), or (2) type the rule inline. </maml:para><maml:para>For example, the following commands demonstrate how to create a new claims transformation policy object with the rule specified in a text file named Rule.txt located in a temporary folder C:\temp. </maml:para><maml:para>$rule = Get-Content C:\temp\rule.txt; </maml:para><maml:para>New-ADClaimTransformPolicy MyRule -Rule $rule </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowAll</maml:name><maml:description><maml:para>Indicates that the policy sets a claims transformation rule that would allow all claims to be sent or received.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the policy sets a claims transformation rule that would allow all claims to be sent or received except for the specified claim types. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue><dev:type><maml:name>ADClaimType[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password.</maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DenyAll</maml:name><maml:description><maml:para>Indicates that the policy sets a claims transformation rule that would deny all claims to be sent or received. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DenyAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the policy sets a claims transformation rule that would deny all claims to be sent or received except for the specified claim types. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue><dev:type><maml:name>ADClaimType[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new claims transformation policy object.</maml:para><maml:para>You can use an instance of an existing claims transformation policy object as a template or you can construct a new claims transformation policy object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claims transformation policy object as a template for a new object. To retrieve an instance of an existing claims transformation policy object, use a cmdlet such as Get-ADClaimTransformPolicy. Then provide this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create a new claims transformation policy object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADClaimsTransformationPolicy and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Rule</maml:name><maml:description><maml:para>Represents the claims transformation rule. To specify the rule, you can either (1) type the rule in a text file, and then pass the file to the cmdlet (recommended), or (2) type the rule inline. </maml:para><maml:para>For example, the following commands demonstrate how to create a new claims transformation policy object with the rule specified in a text file named Rule.txt located in a temporary folder C:\temp. </maml:para><maml:para>$rule = Get-Content C:\temp\rule.txt; </maml:para><maml:para>New-ADClaimTransformPolicy MyRule -Rule $rule </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A claims transformation policy object that is a template for the new claims transformation policy object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimTransformPolicy -Name "DenyAllPolicy" -DenyAll </dev:code><dev:remarks><maml:para>This command creates a new claims transformation policy named DenyAllPolicy that denies all claims, both those that are sent as well as those that are received.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimTransformPolicy -Name "AllowAllExceptCompanyAndDepartmentPolicy" -AllowAllExcept Company,Department </dev:code><dev:remarks><maml:para>This command creates a new claims transformation policy named AllowAllExceptCompanyAndDepartmentPolicy that allows all claims to be sent or received except for the claims Company and Department. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimTransformPolicy -Name "HumanResourcesToHrPolicy" -Rule 'C1:[Type=="ad://ext/Department:88ceb0fe88a125db", Value=="Human Resources", ValueType=="string"] => issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);' </dev:code><dev:remarks><maml:para>This command creates a new claims transformation policy named HumanResourcesToHrPolicy that transforms the value Human Resources to HR in the claim Department. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$rule = Get-Content C:\rule.txt PS C:\> New-ADClaimTransformPolicy -Name "MyRule" -Rule $rule </dev:code><dev:remarks><maml:para>This example creates a new claims transformation policy named MyRule with the rule specified in C:\rule.txt.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291062</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADClaimType</command:name><maml:description><maml:para>Creates a new claim type in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADClaimType</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADClaimType cmdlet creates a new claim type in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type, which must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. For example, if the display name of a claim type is Employee Type, then you can use the Get-ADClaimType cmdlet to retrieve the Employee Type claim type.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>This parameter is used to specify the security principal classes to which this claim applies. Possible values for this parameter include the following or any Active Directory type that derives from these base types: -- User -- Computer -- InetOrgPerson -- msDS-ManagedServiceAccount -- msDS-GroupManagedServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the claim type is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ID</maml:name><maml:description><maml:para>Specifies the claim type ID. This is an optional parameter. By default, New-ADClaimType generates the ID automatically.</maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same claim types need to work across forests. For claim types to be considered identical across forests, their ID must be the same.</maml:para><maml:para>To specify the ID, the ID string must conform to the following format: -- The ID must have a maximum of 37 characters. -- The ID must have at least one slash (/). -- The ID must have at least one colon before the first slash. -- The ID must not have the slash as the last character. -- The ID must contain valid file characters only.</maml:para><maml:para>An example is ad://ext/BusinessImpact.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an claim type object to use as a template for a new claim type object. </maml:para><maml:para>You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claim type object as a template for a new object. To retrieve an instance of an existing claim type object, use a cmdlet such as Get-ADClaimType. Then provide this object to the Instance parameter of the New-ADClaimType cmdlet to create a new claim type object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimType cmdlet to create the new claim type object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>IsSingleValued</maml:name><maml:description><maml:para>Specifies whether the claim type is single valued or multi-valued.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to true, then the claim should only have values specified in the SuggestedValues parameter.</maml:para><maml:para>Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When the RestrictValues parameter is set to a value of $True, the application should limit the user to selecting values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SourceAttribute</maml:name><maml:description><maml:para>Specifies an Active Directory attribute from which this claim type is based, and from which the claim value is obtained. The input must be the distinguished name (DN), Name, or GUID of the attribute definition in the schema.</maml:para><maml:para>Acceptable values include attributes of the following schema class objects:User, InetOrgPerson, Computer, ManagedServiceAccount, GroupManagedServiceAccount, and Auxiliary, except for the following attributes: -- Attributes marked as defunct in the schema- Blocked attributes such as dBCSPwd, lmPwdHistory, and unicodePwd -- Attributes that are not replicated -- Attributes that are not available on read-only domain controllers -- Attributes with syntaxes not based on the following: ---- String Object (DS-DN) ---- String (Unicode) ---- Boolean ---- Integer ---- Large Integer ---- String (OID) ---- String (SD)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type, which must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. For example, if the display name of a claim type is Employee Type, then you can use the Get-ADClaimType cmdlet to retrieve the Employee Type claim type.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>This parameter is used to specify the security principal classes to which this claim applies. Possible values for this parameter include the following or any Active Directory type that derives from these base types: -- User -- Computer -- InetOrgPerson -- msDS-ManagedServiceAccount -- msDS-GroupManagedServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the claim type is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ID</maml:name><maml:description><maml:para>Specifies the claim type ID. This is an optional parameter. By default, New-ADClaimType generates the ID automatically.</maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same claim types need to work across forests. For claim types to be considered identical across forests, their ID must be the same.</maml:para><maml:para>To specify the ID, the ID string must conform to the following format: -- The ID must have a maximum of 37 characters. -- The ID must have at least one slash (/). -- The ID must have at least one colon before the first slash. -- The ID must not have the slash as the last character. -- The ID must contain valid file characters only.</maml:para><maml:para>An example is ad://ext/BusinessImpact.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an claim type object to use as a template for a new claim type object. </maml:para><maml:para>You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claim type object as a template for a new object. To retrieve an instance of an existing claim type object, use a cmdlet such as Get-ADClaimType. Then provide this object to the Instance parameter of the New-ADClaimType cmdlet to create a new claim type object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimType cmdlet to create the new claim type object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>IsSingleValued</maml:name><maml:description><maml:para>Specifies whether the claim type is single valued or multi-valued.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to true, then the claim should only have values specified in the SuggestedValues parameter.</maml:para><maml:para>Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SourceOID</maml:name><maml:description><maml:para>Specifies a string that can be used to configure a certificate-based claim type source. For example, use this parameter to create certificate-based claim types when you want to use smartcard logon claims for authorization decisions. The SourceOID parameter uses the string representation of an object identifier (OID) from the issuance policy found in the certificate and on the certificate template when using Active Directory Certificate Services. An example of an OID is 1.3.6.1.4.1.311.47.2.5.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type, which must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. For example, if the display name of a claim type is Employee Type, then you can use the Get-ADClaimType cmdlet to retrieve the Employee Type claim type.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>This parameter is used to specify the security principal classes to which this claim applies. Possible values for this parameter include the following or any Active Directory type that derives from these base types: -- User -- Computer -- InetOrgPerson -- msDS-ManagedServiceAccount -- msDS-GroupManagedServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the claim type is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ID</maml:name><maml:description><maml:para>Specifies the claim type ID. This is an optional parameter. By default, New-ADClaimType generates the ID automatically.</maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same claim types need to work across forests. For claim types to be considered identical across forests, their ID must be the same.</maml:para><maml:para>To specify the ID, the ID string must conform to the following format: -- The ID must have a maximum of 37 characters. -- The ID must have at least one slash (/). -- The ID must have at least one colon before the first slash. -- The ID must not have the slash as the last character. -- The ID must contain valid file characters only.</maml:para><maml:para>An example is ad://ext/BusinessImpact.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an claim type object to use as a template for a new claim type object. </maml:para><maml:para>You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claim type object as a template for a new object. To retrieve an instance of an existing claim type object, use a cmdlet such as Get-ADClaimType. Then provide this object to the Instance parameter of the New-ADClaimType cmdlet to create a new claim type object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimType cmdlet to create the new claim type object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>IsSingleValued</maml:name><maml:description><maml:para>Specifies whether the claim type is single valued or multi-valued.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to true, then the claim should only have values specified in the SuggestedValues parameter.</maml:para><maml:para>Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When the RestrictValues parameter is set to a value of $True, the application should limit the user to selecting values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SourceTransformPolicy</maml:name><maml:description><maml:para>Indicates that the claim type is sourced from the claims transformation policy engine.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ValueType</maml:name><maml:description><maml:para>Specifies the value type for this claim type. The following are the valid value types: -- Int64 -- UInt64 -- String -- FQBN -- SID -- Boolean -- OctetString </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Invalid</command:parameterValue><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue><command:parameterValue required="true" variableLength="false">UInt64</command:parameterValue><command:parameterValue required="true" variableLength="false">String</command:parameterValue><command:parameterValue required="true" variableLength="false">FQBN</command:parameterValue><command:parameterValue required="true" variableLength="false">SID</command:parameterValue><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><command:parameterValue required="true" variableLength="false">OctetString</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>This parameter is used to specify the security principal classes to which this claim applies. Possible values for this parameter include the following or any Active Directory type that derives from these base types: -- User -- Computer -- InetOrgPerson -- msDS-ManagedServiceAccount -- msDS-GroupManagedServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>Depending on SourceAttribute / SourceOID, the value is set to User / Computer respectively</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type, which must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. For example, if the display name of a claim type is Employee Type, then you can use the Get-ADClaimType cmdlet to retrieve the Employee Type claim type.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the claim type is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>True</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ID</maml:name><maml:description><maml:para>Specifies the claim type ID. This is an optional parameter. By default, New-ADClaimType generates the ID automatically.</maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same claim types need to work across forests. For claim types to be considered identical across forests, their ID must be the same.</maml:para><maml:para>To specify the ID, the ID string must conform to the following format: -- The ID must have a maximum of 37 characters. -- The ID must have at least one slash (/). -- The ID must have at least one colon before the first slash. -- The ID must not have the slash as the last character. -- The ID must contain valid file characters only.</maml:para><maml:para>An example is ad://ext/BusinessImpact.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>Auto-generated</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an claim type object to use as a template for a new claim type object. </maml:para><maml:para>You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claim type object as a template for a new object. To retrieve an instance of an existing claim type object, use a cmdlet such as Get-ADClaimType. Then provide this object to the Instance parameter of the New-ADClaimType cmdlet to create a new claim type object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimType cmdlet to create the new claim type object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>IsSingleValued</maml:name><maml:description><maml:para>Specifies whether the claim type is single valued or multi-valued.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>True</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to true, then the claim should only have values specified in the SuggestedValues parameter.</maml:para><maml:para>Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>True</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SourceAttribute</maml:name><maml:description><maml:para>Specifies an Active Directory attribute from which this claim type is based, and from which the claim value is obtained. The input must be the distinguished name (DN), Name, or GUID of the attribute definition in the schema.</maml:para><maml:para>Acceptable values include attributes of the following schema class objects:User, InetOrgPerson, Computer, ManagedServiceAccount, GroupManagedServiceAccount, and Auxiliary, except for the following attributes: -- Attributes marked as defunct in the schema- Blocked attributes such as dBCSPwd, lmPwdHistory, and unicodePwd -- Attributes that are not replicated -- Attributes that are not available on read-only domain controllers -- Attributes with syntaxes not based on the following: ---- String Object (DS-DN) ---- String (Unicode) ---- Boolean ---- Integer ---- Large Integer ---- String (OID) ---- String (SD)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SourceOID</maml:name><maml:description><maml:para>Specifies a string that can be used to configure a certificate-based claim type source. For example, use this parameter to create certificate-based claim types when you want to use smartcard logon claims for authorization decisions. The SourceOID parameter uses the string representation of an object identifier (OID) from the issuance policy found in the certificate and on the certificate template when using Active Directory Certificate Services. An example of an OID is 1.3.6.1.4.1.311.47.2.5.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SourceTransformPolicy</maml:name><maml:description><maml:para>Indicates that the claim type is sourced from the claims transformation policy engine.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When the RestrictValues parameter is set to a value of $True, the application should limit the user to selecting values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue><dev:type><maml:name>ADSuggestedValueEntry[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ValueType</maml:name><maml:description><maml:para>Specifies the value type for this claim type. The following are the valid value types: -- Int64 -- UInt64 -- String -- FQBN -- SID -- Boolean -- OctetString </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimValueType</command:parameterValue><dev:type><maml:name>ADClaimValueType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimType -DisplayName "Title" -SourceAttribute "title" </dev:code><dev:remarks><maml:para>This command creates a new user claim type with display name Title that is sourced from the AD attribute title. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$fullTime = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("FTE", "Full-Time", "Full-time employee") PS C:\> $intern = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Intern", "Intern", "Student employee") PS C:\> $contractor = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Contractor", "Contractor", "Contract employee") PS C:\> New-ADClaimType -DisplayName "Employee Type" -SourceAttribute "employeeType" -SuggestedValues $fullTime,$intern,$contractor </dev:code><dev:remarks><maml:para>This example creates a new user claim type with display name Employee Type that is sourced from the AD attribute employeeType. The suggested values are set to FTE, Intern, and Contractor. Applications using this claim type would allow their users to specify one of the suggested values as this claim type's value. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimType -DisplayName "Bitlocker Enabled" -SourceOID "1.3.6.1.4.1.311.67.1.1" -Enabled $False </dev:code><dev:remarks><maml:para>This command creates a new device claim type with display name Bitlocker Enabled with the source OID 1.3.6.1.4.1.311.67.1.1. The claim type set to disabled.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimType -DisplayName "Title" -SourceAttribute "title" -ID "ad://ext/title" </dev:code><dev:remarks><maml:para>This command creates a new user claim type with display name Title that is sourced from the AD attribute title and ID set to ad://ext/title. </maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same claim type needs to work across forests. By default, New-ADClaimType generates the ID automatically. For claim types to be considered identical across forests, their ID must be the same. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimType -DisplayName "SourceForest" -SourceTransformPolicy -ValueType String </dev:code><dev:remarks><maml:para>This command creates a new claim type with display name SourceForest that is sourced from the claims transformation policy engine.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291063</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADComputer</command:name><maml:description><maml:para>Creates a new Active Directory computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADComputer</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADComputer cmdlet creates a new Active Directory computer object. This cmdlet does not join a computer to a domain. You can set commonly used computer property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the OtherAttributes parameter. </maml:para><maml:para>You can use this cmdlet to provision a computer account before the computer is added to the domain. These pre-created computer objects can be used with offline domain join, unsecure domain join, and RODC domain join scenarios. </maml:para><maml:para>The Path parameter specifies the container or organizational unit (OU) for the new computer. When you do not specify the Path parameter, the cmdlet creates a computer account in the default container for computer objects in the domain.</maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet.</maml:para><maml:para>Method 1: Use the New-ADComputer cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters.</maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new computer object or retrieve a copy of an existing computer object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. </maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-Csv</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the Add-ADComputerServiceAccount cmdlet to create multiple Active Directory computer objects. To do this, use the Import-Csv cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects to the New-ADComputer cmdlet by using the pipeline operator to create the computer objects.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADComputer</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies a new password value for an account. This value is stored as an encrypted string. </maml:para><maml:para>The following conditions apply based on the manner in which the password parameter is used: -- $Null password is specified: random password is set and the account is enabled unless it is requested to be disabled. -- No password is specified: random password is set and the account is enabled unless it is requested to be disabled. -- User password is specified: password is set and the account is enabled unless it is requested to be disabled, unless the password you provided does not meet password policy or was not set for other reasons, at which point the account is disabled. </maml:para><maml:para>Notes: Computer accounts, by default, are created with a 240-character random password. If you provide a password, an attempt will be made to set that password however, this can fail due to password policy restrictions. The computer account will still be created and you can use Set-ADAccountPassword to set the password on that account. In order to ensure that accounts remain secure, computer accounts will never be enabled unless a valid password is set (either a randomly-generated or user-provided one) or PasswordNotRequired is set to $True. </maml:para><maml:para>The account is created if the password fails for any reason. </maml:para><maml:para>The new ADComputer object will always either be disabled or have a user-requested or randomly-generated password. There is no way to create an enabled computer account object with a password that violates domain password policy, such as an empty password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>This parameter cannot be set to $True or 1 for an account that also has the PasswordNeverExpires property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the fully qualified domain name (FQDN) of the computer. This parameter sets the DNSHostName property for a computer object. The LDAP Display Name for this property is dNSHostName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a computer object to use as a template for a new computer object.</maml:para><maml:para>You can use an instance of an existing computer object as a template or you can construct a new computer object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing computer object as a template for a new object. To retrieve an instance of an existing computer object use Get-ADComputer. Then provide this object to the Instance parameter of the New-ADComputer cmdlet to create a new computer object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADcomputer object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADcomputer cmdlet to create the new Active Directory computer object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account which may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies the location of the computer, such as an office number. This parameter sets the Location property of a computer. The LDAP display name (ldapDisplayName) of this property is location.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystem</maml:name><maml:description><maml:para>Specifies an operating system name. This parameter sets the OperatingSystem property of the computer object. The LDAP Display Name (ldapDisplayName) for this property is operatingSystem.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystemHotfix</maml:name><maml:description><maml:para>Specifies an operating system hotfix name. This parameter sets the operatingSystemHotfix property of the computer object. The LDAP display name for this property is operatingSystemHotfix.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystemServicePack</maml:name><maml:description><maml:para>Specifies the name of an operating system service pack. This parameter sets the OperatingSystemServicePack property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemServicePack.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystemVersion</maml:name><maml:description><maml:para>Specifies an operating system version. This parameter sets the OperatingSystemVersion property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemVersion.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAP display name (ldapDisplayName) defined for it in the Active Directory schema.</maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: - If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this computer account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SAMAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 15 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName. </maml:para><maml:para>Note: If the SAMAccountName string provided does not end with a $, one will be appended if needed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies a new password value for an account. This value is stored as an encrypted string. </maml:para><maml:para>The following conditions apply based on the manner in which the password parameter is used: -- $Null password is specified: random password is set and the account is enabled unless it is requested to be disabled. -- No password is specified: random password is set and the account is enabled unless it is requested to be disabled. -- User password is specified: password is set and the account is enabled unless it is requested to be disabled, unless the password you provided does not meet password policy or was not set for other reasons, at which point the account is disabled. </maml:para><maml:para>Notes: Computer accounts, by default, are created with a 240-character random password. If you provide a password, an attempt will be made to set that password however, this can fail due to password policy restrictions. The computer account will still be created and you can use Set-ADAccountPassword to set the password on that account. In order to ensure that accounts remain secure, computer accounts will never be enabled unless a valid password is set (either a randomly-generated or user-provided one) or PasswordNotRequired is set to $True. </maml:para><maml:para>The account is created if the password fails for any reason. </maml:para><maml:para>The new ADComputer object will always either be disabled or have a user-requested or randomly-generated password. There is no way to create an enabled computer account object with a password that violates domain password policy, such as an empty password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate[]</command:parameterValue><dev:type><maml:name>X509Certificate[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>This parameter cannot be set to $True or 1 for an account that also has the PasswordNeverExpires property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the fully qualified domain name (FQDN) of the computer. This parameter sets the DNSHostName property for a computer object. The LDAP Display Name for this property is dNSHostName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a computer object to use as a template for a new computer object.</maml:para><maml:para>You can use an instance of an existing computer object as a template or you can construct a new computer object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing computer object as a template for a new object. To retrieve an instance of an existing computer object use Get-ADComputer. Then provide this object to the Instance parameter of the New-ADComputer cmdlet to create a new computer object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADcomputer object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADcomputer cmdlet to create the new Active Directory computer object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account which may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADKerberosEncryptionType</command:parameterValue><dev:type><maml:name>ADKerberosEncryptionType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies the location of the computer, such as an office number. This parameter sets the Location property of a computer. The LDAP display name (ldapDisplayName) of this property is location.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystem</maml:name><maml:description><maml:para>Specifies an operating system name. This parameter sets the OperatingSystem property of the computer object. The LDAP Display Name (ldapDisplayName) for this property is operatingSystem.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystemHotfix</maml:name><maml:description><maml:para>Specifies an operating system hotfix name. This parameter sets the operatingSystemHotfix property of the computer object. The LDAP display name for this property is operatingSystemHotfix.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystemServicePack</maml:name><maml:description><maml:para>Specifies the name of an operating system service pack. This parameter sets the OperatingSystemServicePack property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemServicePack.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OperatingSystemVersion</maml:name><maml:description><maml:para>Specifies an operating system version. This parameter sets the OperatingSystemVersion property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemVersion.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAP display name (ldapDisplayName) defined for it in the Active Directory schema.</maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: - If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this computer account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SAMAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 15 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName. </maml:para><maml:para>Note: If the SAMAccountName string provided does not end with a $, one will be appended if needed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object that is a template for the new computer object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new computer object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADComputer -Name "FABRIKAM-SRV2" -SamAccountName "FABRIKAM-SRV2" -Path "OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command creates a new computer account in the OU OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADComputer -Name "FABRIKAM-SRV3" -SamAccountName "FABRIKAM-SRV3" -Path "OU=ApplicationServers,OU=ComputerAccounts,OU=Managed,DC=FABRIKAM,DC=COM" -Enabled $True -Location "Redmond,WA" </dev:code><dev:remarks><maml:para>This command creates a new computer account under a particular OU, which is enabled and located in Redmond, WA.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$templateComp = Get-ADComputer -Name "LabServer-00" -Properties "Location","OperatingSystem","OperatingSystemHotfix","OperatingSystemServicePack","OperatingSystemVersion" PS C:\> New-ADComputer -Instance $templateComp -Name "LabServer-01" </dev:code><dev:remarks><maml:para>This example creates a new computer account from a template object.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291064</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountPassword</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADUser</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADDCCloneConfigFile</command:name><maml:description><maml:para>Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADDCCloneConfigFile</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADDCCloneConfigFile cmdlet performs prerequisite checks for cloning a domain controller (DC) when run locally on the DC being prepared for cloning. This cmdlet generates a clone configuration file, DCCloneConfig.xml, at an appropriate location, if all prerequisite checks succeed.</maml:para><maml:para>There are two modes of operation for this cmdlet, depending on where it is executed. When run on the domain controller that is being prepared for cloning, it will run the following pre-requisite checks to make sure this DC is adequately prepared for cloning: -- Is the PDC emulator FSMO role hosted on a DC running Windows Server 2012? -- Is this computer authorized for DC cloning (i.e. is the computer a member of the Cloneable Domain Controllers group)? -- Are all program and services listed in the output of the Get-ADDCCloningExcludedApplicationList cmdlet captured in CustomDCCloneAllowList.xml?</maml:para><maml:para>If these pre-requisite checks all pass, the New-ADDCCloneConfigFile cmdlet will generate a DCCloneConfig.xml file at a suitable location based on the parameter values supplied. This cmdlet can also be run from a client (with RSAT) and used to generate a DCCloneConfig.xml against offline media of the DC being cloned, however, none of the pre-requisite checks will be performed in this usage mode. This usage is intended to generate DCCloneConfig.xml files with specific configuration values for each clone on copies of the offline media.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADDCCloneConfigFile</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="cn"><maml:name>CloneComputerName</maml:name><maml:description><maml:para>Specifies the computer name for the cloned DC. If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: -- The first eight characters of the source DC computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. -- A unique naming suffix of the format –CLnnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use. For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the DNS server to be used by the cloned DC to resolve names. A maximum of 4 string values can be provided.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when writing the clone configuration file. If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. The Path parameter is optional when running the cmdlet on the DC being prepared for cloning. In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. When running the New-DCCLoneConfigFile cmdlet in offline mode (i.e. when the Offline parameter is specified), however, the Path parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of the Active Directory site in which to place the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADDCCloneConfigFile</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AlternateWINSServer</maml:name><maml:description><maml:para>Specifies the name of the alternate Windows Internet Naming Service (WINS) server for the cloned DC to use if the preferred WINS Server is not available.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="cn"><maml:name>CloneComputerName</maml:name><maml:description><maml:para>Specifies the computer name for the cloned DC. If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: -- The first eight characters of the source DC computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. -- A unique naming suffix of the format –CLnnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use. For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4Address</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address to be assigned to the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DefaultGateway</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the default gateway to be used by the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the DNS server to be used by the cloned DC to resolve names. A maximum of 4 string values can be provided.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4SubnetMask</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) subnet mask to use for the subnet where the cloned DC is to be located.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv6DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 6 (IPv6) address for the DNS server to be used by the cloned DC to resolve names.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PreferredWINSServer</maml:name><maml:description><maml:para>Specifies the name of the primary Windows Internet Naming Service (WINS) server to use as the preferred WINS Server for the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of the Active Directory site in which to place the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Static</maml:name><maml:description><maml:para>Indicates whether the TCP/IP configuration specified for the cloned DC is static or dynamic IP configuration.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Offline</maml:name><maml:description><maml:para>Indicates whether the cmdlet is being run against an offline media or on the DC being prepared for cloning. </maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when writing the clone configuration file. If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. The Path parameter is optional when running the cmdlet on the DC being prepared for cloning. In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. When running the New-DCCLoneConfigFile cmdlet in offline mode (i.e. when the Offline parameter is specified), however, the Path parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADDCCloneConfigFile</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AlternateWINSServer</maml:name><maml:description><maml:para>Specifies the name of the alternate Windows Internet Naming Service (WINS) server for the cloned DC to use if the preferred WINS Server is not available.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="cn"><maml:name>CloneComputerName</maml:name><maml:description><maml:para>Specifies the computer name for the cloned DC. If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: -- The first eight characters of the source DC computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. -- A unique naming suffix of the format –CLnnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use. For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DefaultGateway</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the default gateway to be used by the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when writing the clone configuration file. If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. The Path parameter is optional when running the cmdlet on the DC being prepared for cloning. In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. When running the New-DCCLoneConfigFile cmdlet in offline mode (i.e. when the Offline parameter is specified), however, the Path parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PreferredWINSServer</maml:name><maml:description><maml:para>Specifies the name of the primary Windows Internet Naming Service (WINS) server to use as the preferred WINS Server for the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of the Active Directory site in which to place the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4Address</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address to be assigned to the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the DNS server to be used by the cloned DC to resolve names. A maximum of 4 string values can be provided.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4SubnetMask</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) subnet mask to use for the subnet where the cloned DC is to be located.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Static</maml:name><maml:description><maml:para>Indicates whether the TCP/IP configuration specified for the cloned DC is static or dynamic IP configuration.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADDCCloneConfigFile</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="cn"><maml:name>CloneComputerName</maml:name><maml:description><maml:para>Specifies the computer name for the cloned DC. If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: -- The first eight characters of the source DC computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. -- A unique naming suffix of the format –CLnnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use. For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when writing the clone configuration file. If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. The Path parameter is optional when running the cmdlet on the DC being prepared for cloning. In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. When running the New-DCCLoneConfigFile cmdlet in offline mode (i.e. when the Offline parameter is specified), however, the Path parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of the Active Directory site in which to place the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv6DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 6 (IPv6) address for the DNS server to be used by the cloned DC to resolve names.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Static</maml:name><maml:description><maml:para>Indicates whether the TCP/IP configuration specified for the cloned DC is static or dynamic IP configuration.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADDCCloneConfigFile</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="cn"><maml:name>CloneComputerName</maml:name><maml:description><maml:para>Specifies the computer name for the cloned DC. If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: -- The first eight characters of the source DC computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. -- A unique naming suffix of the format –CLnnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use. For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv6DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 6 (IPv6) address for the DNS server to be used by the cloned DC to resolve names.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when writing the clone configuration file. If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. The Path parameter is optional when running the cmdlet on the DC being prepared for cloning. In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. When running the New-DCCLoneConfigFile cmdlet in offline mode (i.e. when the Offline parameter is specified), however, the Path parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of the Active Directory site in which to place the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AlternateWINSServer</maml:name><maml:description><maml:para>Specifies the name of the alternate Windows Internet Naming Service (WINS) server for the cloned DC to use if the preferred WINS Server is not available.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="cn"><maml:name>CloneComputerName</maml:name><maml:description><maml:para>Specifies the computer name for the cloned DC. If this parameter is not specified as a unique name within the enterprise of 15 characters or less, the following formula is used to programmatically generate a name: -- The first eight characters of the source DC computer name. For example, a source computer name of SourceComputer is truncated to a prefix string of SourceCo. -- A unique naming suffix of the format –CLnnnn is appended to the prefix string where nnnn is the next available value from 0001-9999 that the PDC determines is not currently in use. For example, if 0047 is the next available number within the allowed range, using the above source computer prefix of SourceCo the derived name to use for the clone computer will be SourceCo-CL0047.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4Address</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address to be assigned to the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DefaultGateway</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the default gateway to be used by the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) address for the DNS server to be used by the cloned DC to resolve names. A maximum of 4 string values can be provided.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv4SubnetMask</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 4 (IPv4) subnet mask to use for the subnet where the cloned DC is to be located.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IPv6DNSResolver</maml:name><maml:description><maml:para>Specifies the Internet Protocol version 6 (IPv6) address for the DNS server to be used by the cloned DC to resolve names.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Offline</maml:name><maml:description><maml:para>Indicates whether the cmdlet is being run against an offline media or on the DC being prepared for cloning. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the folder path to use when writing the clone configuration file. If the cmdlet is run and all prerequisite checks succeed, a DCCloneConfig.xml file will be written and appear in this location as output. The Path parameter is optional when running the cmdlet on the DC being prepared for cloning. In this case, the default location of the DIT folder will be used and this parameter does not need to be specified. When running the New-DCCLoneConfigFile cmdlet in offline mode (i.e. when the Offline parameter is specified), however, the Path parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PreferredWINSServer</maml:name><maml:description><maml:para>Specifies the name of the primary Windows Internet Naming Service (WINS) server to use as the preferred WINS Server for the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteName</maml:name><maml:description><maml:para>Specifies the name of the Active Directory site in which to place the cloned DC.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Static</maml:name><maml:description><maml:para>Indicates whether the TCP/IP configuration specified for the cloned DC is static or dynamic IP configuration.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -Static -IPv4Address "10.0.0.2" -IPv4DNSResolver "10.0.0.1" -IPv4SubnetMask "255.255.255.0" -CloneComputerName "VirtualDC2" -IPv4DefaultGateway "10.0.0.3" -PreferredWINSServer "10.0.0.1" -SiteName "REDMOND" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named VirtualDC2 with a static IPv4 address.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -Static -CloneComputerName "Clone1" -IPv6DNSResolver "FEC0:0:0:FFFF::1" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named Clone1 with a static IPv6 setting.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -AlternateWINSServer "10.0.0.3" -CloneComputerName "Clone2"-IPv4DNSResolver "10.0.0.1" -PreferredWINSServer "10.0.0.1" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named Clone2 with dynamic IPv4 settings.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -IPv6DNSResolver "FEC0:0:0:FFFF::1" -SiteName "REDMOND" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller with dynamic IPv6 settings.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -Static -IPv4Address "10.0.0.2" -IPv4DNSResolver "10.0.0.1" -IPv4SubnetMask "255.255.255.0" -Static -IPv6DNSResolver "FEC0:0:0:FFFF::1" -CloneComputerName "Clone2" -PreferredWINSServer "10.0.0.1" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named Clone2 with static IPv4 and static IPv6 settings.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -IPv4Address "10.0.0.2" -IPv4DNSResolver "10.0.0.1" -IPv4SubnetMask "255.255.255.0" -IPv4DefaultGateway "10.0.0.3" -IPv6DNSResolver "FEC0:0:0:FFFF::1" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named Clone2 with static IPv4 and dynamic IPv6 settings.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -Static -IPv6DNSResolver "FEC0:0:0:FFFF::1" -CloneComputerName "Clone1" -PreferredWINSServer "10.0.0.1" -SiteName "REDMOND" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named Clone1 with dynamic IPv4 and static IPv6 settings.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADDCCloneConfigFile -IPv4DNSResolver "10.0.0.1" -IPv6DNSResolver "FEC0:0:0:FFFF::1" </dev:code><dev:remarks><maml:para>This command creates a clone domain controller with dynamic IPv4 and dynamic IPv6 settings.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-DCCloneConfig -Offline -CloneComputerName "CloneDC1" -SiteName CONTOSO -Path F:\Windows\NTDS -Force </dev:code><dev:remarks><maml:para>This command creates a clone domain controller named CloneDC1 in offline mode, in a site called CONTOSO with a dynamic IPv4 address. This command also uses the -Force parameter to force overwrite of any previous DCCloneConfig.xml file created at the specified path, F:\Windows\NTDS.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291065</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDCCloningExcludedApplicationList</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADFineGrainedPasswordPolicy</command:name><maml:description><maml:para>Creates a new Active Directory fine-grained password policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADFineGrainedPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADFineGrainedPasswordPolicy cmdlet creates a new Active Directory fine-grained password policy. You can set commonly used fine-grained password policy property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter. </maml:para><maml:para>You must set the Name and Precedence parameters to create a new fine-grained password policy. </maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet. </maml:para><maml:para>Method 1: Use the New-ADFineGrainedPasswordPolicy cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. </maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new fine-grained password policy object or retrieve a copy of an existing fine-grained password policy object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. For examples and more information, see the Instance parameter description for this cmdlet. </maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-Csv</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the New-ADFineGrainedPasswordPolicy cmdlet to create multiple Active Directory fine-grained password policy objects. To do this, use the Import-Csv cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects through the pipeline operator to the New-ADFineGrainedPasswordPolicy cmdlet to create the fine-grained password policy objects. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Precedence</maml:name><maml:description><maml:para>Specifies a value that defines the precedence of a fine-grained password policy among all fine-grained password policies. This parameter sets the Precedence property for a fine-grained password policy. The LDAP display name (ldapDisplayName) for this property is msDS-PasswordSettingsPrecedence.</maml:para><maml:para>This value determines which password policy to use when more than one password policy applies to a user or group. When there is a conflict, the password policy that has the lower Precedence property value has higher priority. For example, if PasswordPolicy1 has a Precedence property value of 200 and PasswordPolicy2 has a Precedence property value of 100, PasswordPolicy2 is used. </maml:para><maml:para>Typically, password policy precedence values are assigned in multiples of 10 or 100, making it easier to add policies at a later time. For example, if you set the initial precedence values for your policies to 100 and 200, you can add another policy that has precedence value of 150. </maml:para><maml:para>If the specified Precedence parameter is already assigned to another password policy object, the cmdlet returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComplexityEnabled</maml:name><maml:description><maml:para>Specifies whether password complexity is enabled for the password policy. If enabled, the password must contain three of the following four character types: -- Uppercase characters (A, B, C, D, E, ...) -- Lowercase characters (a, b, c, d, e, ...) -- Numerals (0, 1, 2, 3, ...) -- Special characters (#, $, *, %, ...) </maml:para><maml:para>This parameter sets the ComplexityEnabled property of a password policy. The acceptable values for this parameter are: -- $False or 0. Disables password complexity. -- $True or 1. Enables password complexity.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a fine-grained password policy object to use as a template for a new fine-grained password policy object. </maml:para><maml:para>You can use an instance of an existing fine-grained password policy object as a template or you can construct a new fine-grained password policy object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing fine-grained password policy object as a template for a new object. To retrieve an instance of an existing fine-grained password policy object, use a cmdlet such as Get-ADFineGrainedPasswordPolicy. Then provide this object to the Instance parameter of the New-ADFineGrainedPasswordPolicy cmdlet to create a new fine-grained password policy object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADFineGrainedPasswordPolicy object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADFineGrainedPasswordPolicy cmdlet to create the new Active Directory fine-grained password policy object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LockoutDuration</maml:name><maml:description><maml:para>Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. You cannot login to an account that is locked until the lockout duration time period has expired. This parameter sets the lockoutDuration property of a password policy object. The LDAP display name (ldapDisplayName) of this property is msDS-LockoutDuration.</maml:para><maml:para>The lockout duration must be greater than or equal to the lockout observation time for a password policy. Use the LockOutObservationWindow parameter to set the lockout observation time. </maml:para><maml:para>Specify the lockout duration time interval in the following format:</maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LockoutObservationWindow</maml:name><maml:description><maml:para>Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. This parameter sets the lockoutObservationWindow property of a password policy object. The LDAP Display Name (ldapDisplayName) of this property is msDS-lockoutObservationWindow. </maml:para><maml:para>The lockout observation window must be smaller than or equal to the lockout duration for a password policy. Use the LockoutDuration parameter to set the lockout duration time.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D:H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LockoutThreshold</maml:name><maml:description><maml:para>Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. This parameter sets the LockoutThreshold property of a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MaxPasswordAge</maml:name><maml:description><maml:para>Specifies the maximum length of time that you can have the same password. After this time period, the password expires and you must create a new one. </maml:para><maml:para>This parameter sets the maxPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is maxPwdAge. </maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MinPasswordAge</maml:name><maml:description><maml:para>Specifies the minimum length of time before you can change a password. </maml:para><maml:para>This parameter sets the minPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is minPwdAge. </maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MinPasswordLength</maml:name><maml:description><maml:para>Specifies the minimum number of characters that a password must contain. This parameter sets the MinPasswordLength property of the password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordHistoryCount</maml:name><maml:description><maml:para>Specifies the number of previous passwords to save. A user cannot reuse a password in the list of saved passwords. This parameter sets the PasswordHistoryCount property for a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReversibleEncryptionEnabled</maml:name><maml:description><maml:para>Specifies whether the directory must store passwords using reversible encryption. This parameter sets the ReversibleEncryption property for a password policy. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ComplexityEnabled</maml:name><maml:description><maml:para>Specifies whether password complexity is enabled for the password policy. If enabled, the password must contain three of the following four character types: -- Uppercase characters (A, B, C, D, E, ...) -- Lowercase characters (a, b, c, d, e, ...) -- Numerals (0, 1, 2, 3, ...) -- Special characters (#, $, *, %, ...) </maml:para><maml:para>This parameter sets the ComplexityEnabled property of a password policy. The acceptable values for this parameter are: -- $False or 0. Disables password complexity. -- $True or 1. Enables password complexity.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a fine-grained password policy object to use as a template for a new fine-grained password policy object. </maml:para><maml:para>You can use an instance of an existing fine-grained password policy object as a template or you can construct a new fine-grained password policy object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing fine-grained password policy object as a template for a new object. To retrieve an instance of an existing fine-grained password policy object, use a cmdlet such as Get-ADFineGrainedPasswordPolicy. Then provide this object to the Instance parameter of the New-ADFineGrainedPasswordPolicy cmdlet to create a new fine-grained password policy object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADFineGrainedPasswordPolicy object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADFineGrainedPasswordPolicy cmdlet to create the new Active Directory fine-grained password policy object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LockoutDuration</maml:name><maml:description><maml:para>Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. You cannot login to an account that is locked until the lockout duration time period has expired. This parameter sets the lockoutDuration property of a password policy object. The LDAP display name (ldapDisplayName) of this property is msDS-LockoutDuration.</maml:para><maml:para>The lockout duration must be greater than or equal to the lockout observation time for a password policy. Use the LockOutObservationWindow parameter to set the lockout observation time. </maml:para><maml:para>Specify the lockout duration time interval in the following format:</maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>0.00:30:00 (30 Minutes)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LockoutObservationWindow</maml:name><maml:description><maml:para>Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. This parameter sets the lockoutObservationWindow property of a password policy object. The LDAP Display Name (ldapDisplayName) of this property is msDS-lockoutObservationWindow. </maml:para><maml:para>The lockout observation window must be smaller than or equal to the lockout duration for a password policy. Use the LockoutDuration parameter to set the lockout duration time.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D:H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>0.00.30.00 (30 Minutes)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LockoutThreshold</maml:name><maml:description><maml:para>Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. This parameter sets the LockoutThreshold property of a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>0</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MaxPasswordAge</maml:name><maml:description><maml:para>Specifies the maximum length of time that you can have the same password. After this time period, the password expires and you must create a new one. </maml:para><maml:para>This parameter sets the maxPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is maxPwdAge. </maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>42.00:00:00 (42 days)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MinPasswordAge</maml:name><maml:description><maml:para>Specifies the minimum length of time before you can change a password. </maml:para><maml:para>This parameter sets the minPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is minPwdAge. </maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>1.00:00:00 (1day)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MinPasswordLength</maml:name><maml:description><maml:para>Specifies the minimum number of characters that a password must contain. This parameter sets the MinPasswordLength property of the password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>7</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordHistoryCount</maml:name><maml:description><maml:para>Specifies the number of previous passwords to save. A user cannot reuse a password in the list of saved passwords. This parameter sets the PasswordHistoryCount property for a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>24</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Precedence</maml:name><maml:description><maml:para>Specifies a value that defines the precedence of a fine-grained password policy among all fine-grained password policies. This parameter sets the Precedence property for a fine-grained password policy. The LDAP display name (ldapDisplayName) for this property is msDS-PasswordSettingsPrecedence.</maml:para><maml:para>This value determines which password policy to use when more than one password policy applies to a user or group. When there is a conflict, the password policy that has the lower Precedence property value has higher priority. For example, if PasswordPolicy1 has a Precedence property value of 200 and PasswordPolicy2 has a Precedence property value of 100, PasswordPolicy2 is used. </maml:para><maml:para>Typically, password policy precedence values are assigned in multiples of 10 or 100, making it easier to add policies at a later time. For example, if you set the initial precedence values for your policies to 100 and 200, you can add another policy that has precedence value of 150. </maml:para><maml:para>If the specified Precedence parameter is already assigned to another password policy object, the cmdlet returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReversibleEncryptionEnabled</maml:name><maml:description><maml:para>Specifies whether the directory must store passwords using reversible encryption. This parameter sets the ReversibleEncryption property for a password policy. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy object that is a template for the new fine-grained password policy object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new fine-grained password policy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADFineGrainedPasswordPolicy -Name "DomainUsersPSO" -Precedence 500 -ComplexityEnabled $true -Description "The Domain Users Password Policy" -DisplayName "Domain Users PSO" -LockoutDuration "0.12:00:00" -LockoutObservationWindow "0.00:15:00" -LockoutThreshold 10 </dev:code><dev:remarks><maml:para>This command creates a new Fine Grained Password Policy object named DomainUsersPSO and set the Precedence, ComplexityEnabled, Description, DisplayName, LockoutDuration, LockoutObservationWindw, and LockoutThreshold properties on the object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$templatePSO = New-Object Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy PS C:\> $templatePSO.ComplexityEnabled = $true PS C:\> $templatePSO.LockoutDuration = [TimeSpan]::Parse("0.12:00:00") PS C:\> $templatePSO.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00") PS C:\> $templatePSO.LockoutThreshold = 10 PS C:\> $templatePSO.MinPasswordAge = [TimeSpan]::Parse("0.00:10:00") PS C:\> $templatePSO.PasswordHistoryCount = 24 PS C:\> $templatePSO.ReversibleEncryptionEnabled = $false PS C:\> New-ADFineGrainedPasswordPolicy -Instance $templatePSO -Name "SvcAccPSO" -Precedence 100 -Description "The Service Accounts Password Policy" -DisplayName "Service Accounts PSO" -MaxPasswordAge "30.00:00:00" -MinPasswordLength 20 PS C:\> New-ADFineGrainedPasswordPolicy -Instance $templatePSO -Name "AdminsPSO" -Precedence 200 -Description "The Domain Administrators Password Policy" -DisplayName "Domain Administrators PSO" -MaxPasswordAge "15.00:00:00" -MinPasswordLength 10 </dev:code><dev:remarks><maml:para>This example creates two new Fine Grained Password Policy objects using a template object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291066</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADGroup</command:name><maml:description><maml:para>Creates an Active Directory group. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADGroup</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADGroup cmdlet creates a new Active Directory group object. Many object properties are defined by setting cmdlet parameters. Properties that cannot be set by cmdlet parameters can be set using the OtherAttributes parameter. </maml:para><maml:para>The Name and GroupScope parameters specify the name and scope of the group and are required to create a new group. You can define the new group as a security or distribution group by setting the GroupType parameter. The Path parameter specifies the container or organizational unit (OU) for the group. </maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet. </maml:para><maml:para>Method 1: Use the New-ADGroup cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. </maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new group object or retrieve a copy of an existing group object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. For more information, see the Instance parameter description for this cmdlet. </maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-CSV</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the New-ADGroup cmdlet to create multiple Active Directory group objects. To do this, use the Import-CSV cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects through the pipeline to the New-ADGroup cmdlet to create the group objects. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADGroup</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="3" aliases=""><maml:name>GroupScope</maml:name><maml:description><maml:para>Specifies the group scope of the group. The acceptable values for this parameter are: -- DomainLocal or 0 -- Global or 1 -- Universal or 2</maml:para><maml:para>This parameter sets the GroupScope property of a group object to the specified value. The LDAP display name of this property is groupType. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">DomainLocal</command:parameterValue><command:parameterValue required="true" variableLength="false">Global</command:parameterValue><command:parameterValue required="true" variableLength="false">Universal</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>GroupCategory</maml:name><maml:description><maml:para>Specifies the category of the group. The acceptable values for this parameter are: -- Distribution or 0 -- Security or 1</maml:para><maml:para>This parameter sets the GroupCategory property of the group. This parameter value combined with other group values sets the LDAP Display Name (ldapDisplayName) attribute named groupType.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Distribution</command:parameterValue><command:parameterValue required="true" variableLength="false">Security</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a group object to use as a template for a new group object. </maml:para><maml:para>You can use an instance of an existing group object as a template or you can construct a new group object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing group object as a template for a new object. Use the Get-ADGroup cmdlet to retrieve a group object then pass this object to the Instance parameter of the New-ADGroup cmdlet to create a new group object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADGroup object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADGroup cmdlet to create the new group object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>GroupCategory</maml:name><maml:description><maml:para>Specifies the category of the group. The acceptable values for this parameter are: -- Distribution or 0 -- Security or 1</maml:para><maml:para>This parameter sets the GroupCategory property of the group. This parameter value combined with other group values sets the LDAP Display Name (ldapDisplayName) attribute named groupType.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroupCategory</command:parameterValue><dev:type><maml:name>ADGroupCategory</maml:name><maml:uri /></dev:type><dev:defaultValue>Security</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="3" aliases=""><maml:name>GroupScope</maml:name><maml:description><maml:para>Specifies the group scope of the group. The acceptable values for this parameter are: -- DomainLocal or 0 -- Global or 1 -- Universal or 2</maml:para><maml:para>This parameter sets the GroupScope property of a group object to the specified value. The LDAP display name of this property is groupType. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroupScope</command:parameterValue><dev:type><maml:name>ADGroupScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a group object to use as a template for a new group object. </maml:para><maml:para>You can use an instance of an existing group object as a template or you can construct a new group object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing group object as a template for a new object. Use the Get-ADGroup cmdlet to retrieve a group object then pass this object to the Instance parameter of the New-ADGroup cmdlet to create a new group object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADGroup object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADGroup cmdlet to create the new group object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object that is a template for the new group object is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new group object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADGroup -Name "RODC Admins" -SamAccountName RODCAdmins -GroupCategory Security -GroupScope Global -DisplayName "RODC Administrators" -Path "CN=Users,DC=Fabrikam,DC=Com" -Description "Members of this group are RODC Administrators" </dev:code><dev:remarks><maml:para>This command creates a new group named RODC Admins in the container CN=Users,DC=Fabrikam,DC=Com and set the GroupCategory, DisplayName, GroupScope, and Description properties on the new object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup FabrikamBranch1 -Properties Description | New-ADGroup -Name Branch1Employees -SamAccountName Branch1Employees -GroupCategory Distribution -PassThru GroupScope : Universal Name : Branch1Employees GroupCategory : Distribution SamAccountName : Branch1Employees ObjectClass : group ObjectGUID : 8eebce44-5df7-4bed-a98b-b987a702103e SID : S-1-5-21-41432690-3719764436-1984117282-1117 DistinguishedName : CN=Branch1Employees,CN=Users,DC=Fabrikam,DC=com </dev:code><dev:remarks><maml:para>This command creates a new group using the property values from a current group.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADGroup -Server localhost:60000 -Path "OU=AccountDeptOU,DC=AppNC" -Name AccountLeads -GroupScope DomainLocal -GroupCategory Distribution </dev:code><dev:remarks><maml:para>This command creates a new group named AccountLeads on an AD LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291067</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Import-CSV</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADGroup</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADObject</command:name><maml:description><maml:para>Creates an Active Directory object. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADObject cmdlet creates a new Active Directory object such as a new organizational unit or new user account. You can use this cmdlet to create any type of Active Directory object. Many object properties are defined by setting cmdlet parameters. Properties that are not set by cmdlet parameters can be set by using the OtherAttributes parameter. </maml:para><maml:para>You must set the Name and Type parameters to create a new Active Directory object. The Name specifies the name of the new object. The Type parameter specifies the LDAP display name of the Active Directory Schema Class that represents the type of object you want to create. Examples of Type values include computer, group, organizational unit, and user. </maml:para><maml:para>The Path parameter specifies the container where the object will be created. When you do not specify the Path parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain. </maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet. </maml:para><maml:para>Method 1: Use the New-ADObject cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. </maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new Active Directory object or retrieve a copy of an existing Active Directory object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. For more information, see the Instance parameter description for this cmdlet. For information about Active Directory cmdlets use the Instance parameter, type Get-Help about_ActiveDirectory_Instance. </maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-CSV</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the New-ADObject cmdlet to create multiple Active Directory objects. To do this, use the Import-CSV cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects through the pipeline to the New-ADObject cmdlet to create the Active Directory objects. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="3" aliases=""><maml:name>Type</maml:name><maml:description><maml:para>Specifies the type of object to create. Set the Type parameter to the LDAP display name of the Active Directory Schema Class that represents the type of object that you want to create. Examples of type values include user, computer, and group. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object. </maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object. </maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="3" aliases=""><maml:name>Type</maml:name><maml:description><maml:para>Specifies the type of object to create. Set the Type parameter to the LDAP display name of the Active Directory Schema Class that represents the type of object that you want to create. Examples of type values include user, computer, and group. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object that is a template for the new object is received by the Instance parameter. </maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADPartition -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new Active Directory object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADObject -Name '192.168.1.0/26' -Type subnet -Description '192.168.1.0/255.255.255.192' -OtherAttributes @{location="Building A";siteObject="CN=HQ,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM"} -Path "CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command creates a subnet object in the HQ site with the described attributes.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$subnetTemplate = Get-ADObject -Identity "CN=192.168.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com" -properties description,location PS C:\> New-ADObject -Instance $subnetTemplate -Name "192.168.1.0/28" -Type subnet -Path "CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This example creates a new subnet object, using a different subnet object as a template.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADObject -Name SaraDavisContact -Type contact -ProtectedFromAccidentalDeletion $True -OtherAttributes @{'msDS-SourceObjectDN'="CN=FabrikamContacts,DC=CONTOSO,DC=COM"} </dev:code><dev:remarks><maml:para>This command creates a new contact object, sets the msDS-SourceObjectDN property and protects the object from accidental deletion. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADObject -name Apps -Type container -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000" </dev:code><dev:remarks><maml:para>This command creates a new container object named Apps in an LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291068</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Move-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Rename-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADOrganizationalUnit</command:name><maml:description><maml:para>Creates a new Active Directory organizational unit.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADOrganizationalUnit</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADOrganizationalUnit cmdlet creates a new Active Directory organizational unit. You can set commonly used organizational unit property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter. </maml:para><maml:para>You must set the Name parameter to create a new organizational unit. When you do not specify the Path parameter, the cmdlet creates an organizational unit under the default NC head for the domain. </maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet. </maml:para><maml:para>Method 1: Use the New-ADOrganizationalUnit cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. </maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new organizational unit object or retrieve a copy of an existing organizational unit object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. For more information, see the Instance parameter description for this cmdlet. </maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-Csv</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the New-ADOrganizationalUnit cmdlet to create multiple Active Directory organizational unit objects. To do this, use the Import-Csv cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects through the pipeline to the New-ADOrganizationalUnit cmdlet to create the organizational unit objects. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADOrganizationalUnit</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an organizational unit object to use as a template for a new organizational unit object. </maml:para><maml:para>You can use an instance of an existing organizational unit object as a template or you can construct a new organizational unit object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing organizational unit object as a template for a new object. To retrieve an instance of an existing organizational unit object use Get-ADOrganizationalUnit. Then provide this object to the Instance parameter of the New-ADOrganizationalUnit cmdlet to create a new organizational unit object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADOrganizationalUnit object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADOrganizationalUnit cmdlet to create the new Active Directory organizational unit object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.</maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value. </maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the organizational unit's street address. This parameter sets the StreetAddress property of a organizational unit object. The LDAP display name (ldapDisplayName) of this property is street.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an organizational unit object to use as a template for a new organizational unit object. </maml:para><maml:para>You can use an instance of an existing organizational unit object as a template or you can construct a new organizational unit object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing organizational unit object as a template for a new object. To retrieve an instance of an existing organizational unit object use Get-ADOrganizationalUnit. Then provide this object to the Instance parameter of the New-ADOrganizationalUnit cmdlet to create a new organizational unit object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADOrganizationalUnit object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADOrganizationalUnit cmdlet to create the new Active Directory organizational unit object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue><dev:type><maml:name>ADOrganizationalUnit</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.</maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value. </maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the organizational unit's street address. This parameter sets the StreetAddress property of a organizational unit object. The LDAP display name (ldapDisplayName) of this property is street.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An organizational unit object that is a template for the new organizational unit object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new organizational unit object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command creates a new OrganizationalUnit named UserAccounts which is protected from accidental deletion. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False </dev:code><dev:remarks><maml:para>This command creates a new OrganizationalUnit named 'UserAccounts' which is not protected from deletion. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"} </dev:code><dev:remarks><maml:para>This command creates an OrganizationalUnit named UserAccounts which is protected from accidental deletion with properties seeAlso and managedBy set to the specified values. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$ouTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $ouTemplate </dev:code><dev:remarks><maml:para>This command uses the data from the OrganizationalUnit OU=UserAccounts,DC=Fabrikam,DC=com as a template for another new OrganizationalUnit.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000" </dev:code><dev:remarks><maml:para>This command creates a new OrganizationalUnit named Managed in an LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291069</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADReplicationSite</command:name><maml:description><maml:para>Creates a new Active Directory replication site in the directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADReplicationSite</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADReplicationSite cmdlet is used to create new sites in Active Directory replication. Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. Sites can also be used to optimize replication between domain controllers. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADReplicationSite</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies a name for the replication site object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AutomaticInterSiteTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet prevents the KCC that functions as the intersite topology generator (ISTG) from generating connections for intersite replication. Use this option when you want to create manual intersite connections (disable the ISTG) but retain the KCC to generate intrasite connections. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AutomaticTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether to enable automatic topology generation. When enabled, prevents the KCC from generating intrasite connections on all servers in the site. Disable this option if you use manual connections and do not want the KCC to build connections automatically. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site object to use as a template for a new site object. </maml:para><maml:para>You can use an instance of an existing site object as a template or you can construct a new site object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site object as a template for a new object. To retrieve an instance of an existing site object, use the Get-ADReplicationSite cmdlet. Then provide this site object to the Instance parameter of the New-ADReplicationSite cmdlet to create a new site object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSite and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSite cmdlet to create the new site object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InterSiteTopologyGenerator</maml:name><maml:description><maml:para>Specifies the server acting as the inter-site topology generator for this site. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values : -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName) Note: The identifier in parentheses is the LDAP display name for the property. </maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>RedundantServerTopologyEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet creates redundant connections between sites before a failure takes place. When enabled, disables KCC failover. Requires that automatic detection of failed connections also be disabled (+IS_TOPL_DETECT_STALE_DISABLED).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for connections within this site (intra-site replication).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ScheduleHashingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet spreads replication start times randomly across the entire schedule interval rather than just the first quarter of the interval. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TopologyCleanupEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology cleanup. When enabled, prevents the KCC from removing connection objects that it does not need. Disable this option if you want to take responsibility for removing old redundant connections. Alternatively, to control or augment the topology, you can use manual connections, which the KCC does not delete. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TopologyDetectStaleEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology detect stale. Prevents the KCC from excluding servers that are unreachable from the topology; that is, the KCC does use an alternate server to reroute replication. Use this option only if network communication is very unstable and brief outages are expected. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TopologyMinimumHopsEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology minimium hops. When enabled, prevents the KCC from generating optimizing connections in the ring topology of intrasite replication. Optimizing connections reduce the replication latency in the site and disabling them is not recommended. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UniversalGroupCachingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables universal group caching. If this parameter is true, it indicates this site caches universal groups, which are those groups cached on global catalog (GC) servers. It can be useful in sites with no GC servers available locally.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UniversalGroupCachingRefreshSite</maml:name><maml:description><maml:para>Specifies the name of a site. If universal group caching is enabled, the name of the site from which the cache is pulled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2000BridgeheadSelectionMethodEnabled</maml:name><maml:description><maml:para>Implements the Windows 2000 Server method of selecting a single bridgehead server per directory partition and transport. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2000KCCISTGSelectionBehaviorEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet to implements the Windows 2000 Server method of ISTG selection. Off by default.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2003KCCBehaviorEnabled</maml:name><maml:description><maml:para>Implements KCC operation that is consistent with Windows Server 2003 forest functional level. This option can be set if all domain controllers in the site are running Windows Server 2003. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2003KCCIgnoreScheduleEnabled</maml:name><maml:description><maml:para>Indicates whether to ignore schedules. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to ignore schedules (replication occurs at the designated intervals and is always available). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2003KCCSiteLinkBridgingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables site link bridging. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to enable or disable site link bridging. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AutomaticInterSiteTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet prevents the KCC that functions as the intersite topology generator (ISTG) from generating connections for intersite replication. Use this option when you want to create manual intersite connections (disable the ISTG) but retain the KCC to generate intrasite connections. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AutomaticTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether to enable automatic topology generation. When enabled, prevents the KCC from generating intrasite connections on all servers in the site. Disable this option if you use manual connections and do not want the KCC to build connections automatically. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site object to use as a template for a new site object. </maml:para><maml:para>You can use an instance of an existing site object as a template or you can construct a new site object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site object as a template for a new object. To retrieve an instance of an existing site object, use the Get-ADReplicationSite cmdlet. Then provide this site object to the Instance parameter of the New-ADReplicationSite cmdlet to create a new site object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSite and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSite cmdlet to create the new site object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InterSiteTopologyGenerator</maml:name><maml:description><maml:para>Specifies the server acting as the inter-site topology generator for this site. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue><dev:type><maml:name>ADDirectoryServer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values : -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName) Note: The identifier in parentheses is the LDAP display name for the property. </maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies a name for the replication site object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>RedundantServerTopologyEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet creates redundant connections between sites before a failure takes place. When enabled, disables KCC failover. Requires that automatic detection of failed connections also be disabled (+IS_TOPL_DETECT_STALE_DISABLED).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for connections within this site (intra-site replication).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue><dev:type><maml:name>ActiveDirectorySchedule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ScheduleHashingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet spreads replication start times randomly across the entire schedule interval rather than just the first quarter of the interval. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TopologyCleanupEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology cleanup. When enabled, prevents the KCC from removing connection objects that it does not need. Disable this option if you want to take responsibility for removing old redundant connections. Alternatively, to control or augment the topology, you can use manual connections, which the KCC does not delete. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TopologyDetectStaleEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology detect stale. Prevents the KCC from excluding servers that are unreachable from the topology; that is, the KCC does use an alternate server to reroute replication. Use this option only if network communication is very unstable and brief outages are expected. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TopologyMinimumHopsEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology minimium hops. When enabled, prevents the KCC from generating optimizing connections in the ring topology of intrasite replication. Optimizing connections reduce the replication latency in the site and disabling them is not recommended. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UniversalGroupCachingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables universal group caching. If this parameter is true, it indicates this site caches universal groups, which are those groups cached on global catalog (GC) servers. It can be useful in sites with no GC servers available locally.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UniversalGroupCachingRefreshSite</maml:name><maml:description><maml:para>Specifies the name of a site. If universal group caching is enabled, the name of the site from which the cache is pulled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2000BridgeheadSelectionMethodEnabled</maml:name><maml:description><maml:para>Implements the Windows 2000 Server method of selecting a single bridgehead server per directory partition and transport. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2000KCCISTGSelectionBehaviorEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet to implements the Windows 2000 Server method of ISTG selection. Off by default.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2003KCCBehaviorEnabled</maml:name><maml:description><maml:para>Implements KCC operation that is consistent with Windows Server 2003 forest functional level. This option can be set if all domain controllers in the site are running Windows Server 2003. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2003KCCIgnoreScheduleEnabled</maml:name><maml:description><maml:para>Indicates whether to ignore schedules. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to ignore schedules (replication occurs at the designated intervals and is always available). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>WindowsServer2003KCCSiteLinkBridgingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables site link bridging. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to enable or disable site link bridging. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site object that is a template for the new site object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSite -Name "NorthAmerica" </dev:code><dev:remarks><maml:para>This command creates a new site named NorthAmerica. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSite -Name "Europe" -AutomaticInterSiteTopologyGenerationEnabled $FALSE </dev:code><dev:remarks><maml:para>This command creates a new site named Europe, and sets the AutomaticInterSiteTopologyGenerationEnabled property on the new object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule PS C:\> $schedule.ResetSchedule() PS C:\> $schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty"); PS C:\> New-ADReplicationSite -Name "Asia" -ReplicationSchedule $schedule </dev:code><dev:remarks><maml:para>This example creates a new site named Asia, and sets the daily ReplicationSchedule from 20:00 to 22:30. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291070</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADReplicationSiteLink</command:name><maml:description><maml:para>Creates a new Active Directory site link for in managing replication.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADReplicationSiteLink</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADReplicationSiteLink cmdlet can be used to create a new Active Directory site link. A site link connects two or more sites. Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADReplicationSiteLink</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the site link. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>SitesIncluded</maml:name><maml:description><maml:para>Specifies the list of sites included in the site link. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADReplicationSite[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Cost</maml:name><maml:description><maml:para>Specifies the cost to be placed on the site link. For more information on determining the cost, see <maml:navigationLink><maml:linkText>Determining the Cost</maml:linkText><maml:uri></maml:uri></maml:navigationLink> in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221871.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link object to use as a template for a new site link object.</maml:para><maml:para>You can use an instance of an existing site link object as a template or you can construct a new site link object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link object as a template for a new object. To retrieve an instance of an existing site link object, use a cmdlet such as Get-ADReplicationSiteLink. Then provide this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADReplicationSiteLink and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create the new site link object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InterSiteTransportProtocol</maml:name><maml:description><maml:para>Specifies a valid intersite transport protocol option. The acceptable values for this parameter are: -- IP -- SMTP </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">IP</command:parameterValue><command:parameterValue required="true" variableLength="false">SMTP</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReplicationFrequencyInMinutes</maml:name><maml:description><maml:para>Species the frequency, in minutes, for which replication will occur where this site link is in use between sites. Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can adjust this frequency to match your specific needs. Be aware that increasing this frequency increases the amount of bandwidth used by replication.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for any connections within this site link (intra-site replication). This allows you to schedule the availability of site links for use by replication. By default, a site link is available to carry replication traffic 24 hours a day, 7 days a week. You can limit this schedule to specific days of the week and times of day. You can, for example, schedule intersite replication so that it only occurs after normal business hours. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Cost</maml:name><maml:description><maml:para>Specifies the cost to be placed on the site link. For more information on determining the cost, see <maml:navigationLink><maml:linkText>Determining the Cost</maml:linkText><maml:uri></maml:uri></maml:navigationLink> in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221871.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link object to use as a template for a new site link object.</maml:para><maml:para>You can use an instance of an existing site link object as a template or you can construct a new site link object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link object as a template for a new object. To retrieve an instance of an existing site link object, use a cmdlet such as Get-ADReplicationSiteLink. Then provide this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADReplicationSiteLink and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create the new site link object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue><dev:type><maml:name>ADReplicationSiteLink</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InterSiteTransportProtocol</maml:name><maml:description><maml:para>Specifies a valid intersite transport protocol option. The acceptable values for this parameter are: -- IP -- SMTP </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADInterSiteTransportProtocolType</command:parameterValue><dev:type><maml:name>ADInterSiteTransportProtocolType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the site link. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReplicationFrequencyInMinutes</maml:name><maml:description><maml:para>Species the frequency, in minutes, for which replication will occur where this site link is in use between sites. Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can adjust this frequency to match your specific needs. Be aware that increasing this frequency increases the amount of bandwidth used by replication.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for any connections within this site link (intra-site replication). This allows you to schedule the availability of site links for use by replication. By default, a site link is available to carry replication traffic 24 hours a day, 7 days a week. You can limit this schedule to specific days of the week and times of day. You can, for example, schedule intersite replication so that it only occurs after normal business hours. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue><dev:type><maml:name>ActiveDirectorySchedule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>SitesIncluded</maml:name><maml:description><maml:para>Specifies the list of sites included in the site link. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADReplicationSite[]</command:parameterValue><dev:type><maml:name>ADReplicationSite[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link object that is a template for the new site link object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSiteLink -Name "NorthAmerica-Europe" -SitesIncluded NorthAmerica,Europe </dev:code><dev:remarks><maml:para>This command creates a new site link named NorthAmerica-Europe linking the two sites NorthAmerica and Europe. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSiteLink -Name "Europe-Asia" -SitesIncluded Europe,Asia -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP </dev:code><dev:remarks><maml:para>This command creates a new site link named Europe-Asia linking two sites Europe and Asia, and set the Cost, ReplicationFrequencyInMinutes, and InterSiteTransportProtocol on the new object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule PS C:\> $schedule.ResetSchedule() PS C:\> $schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") PS C:\> New-ADReplicationSiteLink -Name "NorthAmerica-SouthAmerica" -SitesIncluded NorthAmerica,SouthAmerica -ReplicationSchedule $schedule </dev:code><dev:remarks><maml:para>This example creates a new site link named NorthAmerica-SouthAmerica linking two sites NorthAmerica and SouthAmerica, and set the daily ReplicationSchedule from 20:00 to 22:30. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSiteLink -Name "Europe-Asia" -SitesIncluded Europe,Asia -OtherAttributes @{'options'=1} </dev:code><dev:remarks><maml:para>This command creates a new site link named Europe-Asia linking two sites Europe and Asia, and enable change notification on the new object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291071</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADReplicationSiteLinkBridge</command:name><maml:description><maml:para>Creates a new site link bridge in Active Directory for replication.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADReplicationSiteLinkBridge</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADReplicationSiteLinkBridge cmdlet creates a new site link bridge in Active Directory for use in replication. A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADReplicationSiteLinkBridge</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the replication site link bridge object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>SiteLinksIncluded</maml:name><maml:description><maml:para>Specifies an array of site links that are included in this site link bridge. Accepted values for this parameter are the distinguished name (DN), a GUID, or the name of a site link. This parameter must contain two sites upon creation or else the Instance parameter must be included and used. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADReplicationSiteLink[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link bridge object to use as a template for a new site link bridge object. </maml:para><maml:para>You can use an instance of an existing site link bridge object as a template or you can construct a new site link bridge object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link bridge object as a template for a new object. To retrieve an instance of an existing Active Directory object, use the Get-ADReplicationSiteLinkBridge cmdlet. Then provide this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create a new site link bridge object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSiteLinkBridge and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create the new site link bridge object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InterSiteTransportProtocol</maml:name><maml:description><maml:para>Specifies the valid InterSite Transport Protocol for use with this site link bridge. The acceptable values for this parameter are: -- IP -- SMTP</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">IP</command:parameterValue><command:parameterValue required="true" variableLength="false">SMTP</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link bridge object to use as a template for a new site link bridge object. </maml:para><maml:para>You can use an instance of an existing site link bridge object as a template or you can construct a new site link bridge object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link bridge object as a template for a new object. To retrieve an instance of an existing Active Directory object, use the Get-ADReplicationSiteLinkBridge cmdlet. Then provide this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create a new site link bridge object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSiteLinkBridge and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create the new site link bridge object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue><dev:type><maml:name>ADReplicationSiteLinkBridge</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InterSiteTransportProtocol</maml:name><maml:description><maml:para>Specifies the valid InterSite Transport Protocol for use with this site link bridge. The acceptable values for this parameter are: -- IP -- SMTP</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADInterSiteTransportProtocolType</command:parameterValue><dev:type><maml:name>ADInterSiteTransportProtocolType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the replication site link bridge object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>SiteLinksIncluded</maml:name><maml:description><maml:para>Specifies an array of site links that are included in this site link bridge. Accepted values for this parameter are the distinguished name (DN), a GUID, or the name of a site link. This parameter must contain two sites upon creation or else the Instance parameter must be included and used. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADReplicationSiteLink[]</command:parameterValue><dev:type><maml:name>ADReplicationSiteLink[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link bridge object that is a template for the new site link bridge object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, all site links are bridged (transitive) and creating a site link design is not required. We recommend that you keep transitivity enabled by not changing this default. However, you will need to disable bridging for all site links and complete a site link bridge design if either of the following is true: -- Your IP network is not fully routed. -- You need to control the replication flow of the changes made in Active Directory Domain Services (AD DS).</maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSiteLinkBridge -Name "NorthAmerica-Asia" -SiteLinksIncluded "NorthAmerica-Europe","Europe-Asia" </dev:code><dev:remarks><maml:para>This command creates a new site link bridge named NorthAmerica-Asia bridging the two sites links NorthAmerica-Europe and Europe-Asia. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSiteLinkBridge -Name "NorthAmerica-Asia" -SiteLinksIncluded "NorthAmerica-Europe","Europe-Asia" -InterSiteTransportProtocol IP </dev:code><dev:remarks><maml:para>This command creates a new site link bridge named NorthAmerica-Asia bridging the two sites links NorthAmerica-Europe and Europe-Asia, and set the InterSiteTransportProtocol on the new object.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291072</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADReplicationSubnet</command:name><maml:description><maml:para>Creates a new Active Directory replication subnet object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADReplicationSubnet</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADReplicationSubnet cmdlet creates a new Active Directory subnet object. Subnet objects (class subnet) define network subnets in Active Directory. A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. Subnets group computers in a way that identifies their physical proximity on the network. Subnet objects in Active Directory are used to map computers to sites. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADReplicationSubnet</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the subnet. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para><maml:para>Subnet names in Active Directory take the form network/bits masked. For example, the subnet object 172.16.72.0/22 has a subnet of 172.16.72.0 and a 22-bit subnet mask. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Site</maml:name><maml:description><maml:para>Specifies the site associated with this subnet. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a subnet object to use as a template for a new subnet object.</maml:para><maml:para>You can use an instance of an existing subnet object as a template or you can construct a new subnet object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing subnet object as a template for a new subnet object. To retrieve an instance of an existing subnet object, use the Get-ADReplicationSubnet cmdlet. Then provide this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create a new subnet object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADReplicationSubnet and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create the new subnet object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies a description of the physical location of this subnet. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para><maml:para>The following examples show how to use this parameter. </maml:para><maml:para>To set the value of a custom attribute called favColors that takes a set of Unicode strings, use the following syntax: </maml:para><maml:para>-OtherAttributes @{'favColors'="pink","purple"} </maml:para><maml:para>To set values for favColors and dateOfBirth simultaneously, use the following syntax: </maml:para><maml:para>-OtherAttributes @{'favColors'="pink","purple"; 'dateOfBirth'=" 01/01/1960"} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a subnet object to use as a template for a new subnet object.</maml:para><maml:para>You can use an instance of an existing subnet object as a template or you can construct a new subnet object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing subnet object as a template for a new subnet object. To retrieve an instance of an existing subnet object, use the Get-ADReplicationSubnet cmdlet. Then provide this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create a new subnet object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADReplicationSubnet and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create the new subnet object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue><dev:type><maml:name>ADReplicationSubnet</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies a description of the physical location of this subnet. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the subnet. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para><maml:para>Subnet names in Active Directory take the form network/bits masked. For example, the subnet object 172.16.72.0/22 has a subnet of 172.16.72.0 and a 22-bit subnet mask. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para><maml:para>The following examples show how to use this parameter. </maml:para><maml:para>To set the value of a custom attribute called favColors that takes a set of Unicode strings, use the following syntax: </maml:para><maml:para>-OtherAttributes @{'favColors'="pink","purple"} </maml:para><maml:para>To set values for favColors and dateOfBirth simultaneously, use the following syntax: </maml:para><maml:para>-OtherAttributes @{'favColors'="pink","purple"; 'dateOfBirth'=" 01/01/1960"} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Site</maml:name><maml:description><maml:para>Specifies the site associated with this subnet. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A subnet object that is a template for the new subnet object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSubnet -Name "10.0.0.0/25" </dev:code><dev:remarks><maml:para>This command creates a new subnet named 10.0.0.0/25.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADReplicationSubnet -Name "10.10.0.0/22" -Site Asia -Location "Tokyo,Japan" </dev:code><dev:remarks><maml:para>This command creates a new subnet named 10.10.0.0/22 with Asia as its associated site, and set the Location property to Tokyo,Japan. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291073</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADResourceProperty</command:name><maml:description><maml:para>Creates a new resource property in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADResourceProperty</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADResourceProperty cmdlet creates a new resource property in the directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADResourceProperty</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the resource property. The display name of the resource property must be unique. </maml:para><maml:para>The display name of a resource property can be used as an identity in other Active Directory cmdlets. For example, if the display name of a resource property is Country, then you can type Get-ADResourceProperty -Identity "Country" to retrieve the resource property. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToResourceTypes</maml:name><maml:description><maml:para>Specifies the resource types to which this resource property is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the resource property is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ID</maml:name><maml:description><maml:para>Specifies the resource property ID. This is an optional parameter. By default, New-ADResourceProperty generates the ID automatically. </maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same resource properties need to work across forests. For resource properties to be considered identical across forests, their ID must be the same. </maml:para><maml:para>To specify the ID, the ID string must conform to the following format: -- Start with a prefix string of 1 to 15 characters in length. -- The prefix string must be followed by an underscore. -- The prefix string and underscore must be followed by a suffix string of 1 to 16 characters in length. -- All characters contained in either prefix or suffix strings must contain only valid filename characters.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a resource property object to use as a template for a new resource property object. </maml:para><maml:para>You can use an instance of an existing resource property object as a template or you can construct a new resource property object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property object as a template for a new object. To retrieve an instance of an existing resource property object, use a cmdlet such as Get-ADResourceProperty. Then provide this object to the Instance parameter of the New-ADResourceProperty cmdlet to create a new resource property object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADResourceProperty and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourceProperty cmdlet to create the new resource property object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>IsSecured</maml:name><maml:description><maml:para>Indicates whether to configure whether the resource property is secure or not. Only secure resource properties can be used for authorization decisions or used within central access rules. Unsecured resource properties cannot be used for these purposes. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SharesValuesWith</maml:name><maml:description><maml:para>Specifies a reference resource property. Reference resource properties do not provide their own suggested values, but rather use the suggested values from the claim type object specified in this parameter. This enables the resource property to always remain valid for use in comparisons to its referred claim type within a central access rule. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the resource property. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ResourcePropertyValueType</maml:name><maml:description><maml:para>Specifies the value type for this resource property. When a resource property is passed to a resource manager (e.g., File Server), the resource manager leverages the resource property value type to determine how the resource property should be handled. </maml:para><maml:para>The full list of resource property value types can be retrieved by calling the Get-ADResourcePropertyValueType cmdlet. </maml:para><maml:para>Below is a list of the built-in resource property value types available in Active Directory: -- MS-DS-SinglevaluedChoice -- MS-DS-YesNo -- MS-DS-Number -- MS-DS-DateTime -- MS-DS-OrderedList -- MS-DS-Text -- MS-DS-MultivaluedText -- MS-DS-MultivaluedChoice</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyValueType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToResourceTypes</maml:name><maml:description><maml:para>Specifies the resource types to which this resource property is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the resource property. The display name of the resource property must be unique. </maml:para><maml:para>The display name of a resource property can be used as an identity in other Active Directory cmdlets. For example, if the display name of a resource property is Country, then you can type Get-ADResourceProperty -Identity "Country" to retrieve the resource property. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the resource property is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ID</maml:name><maml:description><maml:para>Specifies the resource property ID. This is an optional parameter. By default, New-ADResourceProperty generates the ID automatically. </maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same resource properties need to work across forests. For resource properties to be considered identical across forests, their ID must be the same. </maml:para><maml:para>To specify the ID, the ID string must conform to the following format: -- Start with a prefix string of 1 to 15 characters in length. -- The prefix string must be followed by an underscore. -- The prefix string and underscore must be followed by a suffix string of 1 to 16 characters in length. -- All characters contained in either prefix or suffix strings must contain only valid filename characters.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>Auto-generated</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a resource property object to use as a template for a new resource property object. </maml:para><maml:para>You can use an instance of an existing resource property object as a template or you can construct a new resource property object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property object as a template for a new object. To retrieve an instance of an existing resource property object, use a cmdlet such as Get-ADResourceProperty. Then provide this object to the Instance parameter of the New-ADResourceProperty cmdlet to create a new resource property object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADResourceProperty and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourceProperty cmdlet to create the new resource property object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue><dev:type><maml:name>ADResourceProperty</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>IsSecured</maml:name><maml:description><maml:para>Indicates whether to configure whether the resource property is secure or not. Only secure resource properties can be used for authorization decisions or used within central access rules. Unsecured resource properties cannot be used for these purposes. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>True</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ResourcePropertyValueType</maml:name><maml:description><maml:para>Specifies the value type for this resource property. When a resource property is passed to a resource manager (e.g., File Server), the resource manager leverages the resource property value type to determine how the resource property should be handled. </maml:para><maml:para>The full list of resource property value types can be retrieved by calling the Get-ADResourcePropertyValueType cmdlet. </maml:para><maml:para>Below is a list of the built-in resource property value types available in Active Directory: -- MS-DS-SinglevaluedChoice -- MS-DS-YesNo -- MS-DS-Number -- MS-DS-DateTime -- MS-DS-OrderedList -- MS-DS-Text -- MS-DS-MultivaluedText -- MS-DS-MultivaluedChoice</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyValueType</command:parameterValue><dev:type><maml:name>ADResourcePropertyValueType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SharesValuesWith</maml:name><maml:description><maml:para>Specifies a reference resource property. Reference resource properties do not provide their own suggested values, but rather use the suggested values from the claim type object specified in this parameter. This enables the resource property to always remain valid for use in comparisons to its referred claim type within a central access rule. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the resource property. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue><dev:type><maml:name>ADSuggestedValueEntry[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADResourceProperty -DisplayName "Authors" -ResourcePropertyValueType MS-DS-MultivaluedText </dev:code><dev:remarks><maml:para>This command creates a new resource property with display name Authors. The resource property allows the names of multiple authors to be specified. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$us = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("US", "United States of America", "United States of America") PS C:\> $jp = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("JP", "Japan", "Japan") PS C:\> New-ADResourceProperty -DisplayName "Country" -ResourcePropertyValueType MS-DS-MultivaluedChoice -SuggestedValues $us,$jp </dev:code><dev:remarks><maml:para>This command creates a new resource property with display name Country. The suggested values are set to US and JP. Applications using this resource property would allow their users to specify one of the suggested values as this resource property's value.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADResourceProperty -DisplayName "Country" -ResourcePropertyValueType MS-DS-MultivaluedChoice -SharesValuesWith Country </dev:code><dev:remarks><maml:para>This command creates a new reference resource property with display name Country. It uses an existing claim type named Country for its suggested values. This enables the resource property to be always valid for comparisons with the referenced claim type in a central access rule.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADResourceProperty -DisplayName "Authors" -ResourcePropertyValueType MS-DS-MultivaluedText -ID "Authors_60DB20331638" </dev:code><dev:remarks><maml:para>This command creates a new resource property with display name Authors, and sets its ID to Authors_60DB20331638. </maml:para><maml:para>The ID should only be set manually in a multi-forest environment where the same resource property needs to work across forests. By default, New-ADResourceProperty generates the ID automatically. For resource properties to be considered identical across forests, their ID must be the same. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291074</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADResourceProperty</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADResourcePropertyList</command:name><maml:description><maml:para>Creates a new resource property list in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADResourcePropertyList</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADResourcePropertyList cmdlet creates a resource property list in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADResourcePropertyList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an resource property list object to use as a template for a new resource property list object. </maml:para><maml:para>You can use an instance of an existing resource property list object as a template or you can construct a new resource property list object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property list object as a template for a new object. To retrieve an instance of an existing resource property list object, use a cmdlet such as Get-ADResourcePropertyList. Then provide this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create a new resource property list object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADResourcePropertyList and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create the new resource property list object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an resource property list object to use as a template for a new resource property list object. </maml:para><maml:para>You can use an instance of an existing resource property list object as a template or you can construct a new resource property list object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property list object as a template for a new object. To retrieve an instance of an existing resource property list object, use a cmdlet such as Get-ADResourcePropertyList. Then provide this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create a new resource property list object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADResourcePropertyList and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create the new resource property list object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADResourcePropertyList -Name "Corporate Resource Property List" </dev:code><dev:remarks><maml:para>This command creates a new resource property list named Corporate Resource Property List.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADResourcePropertyList -Name "Corporate Resource Property List" -Description "For corporate documents." </dev:code><dev:remarks><maml:para>This command creates a new resource property list named Corporate Resource Property List with the description For corporate documents. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Identity "Corporate Resource Property List" | New-ADResourcePropertyList -Name "Finance Resource Property List" </dev:code><dev:remarks><maml:para>This command creates a new resource property list using the property values from a Corporate Resource Property List. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291075</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADServiceAccount</command:name><maml:description><maml:para>Creates a new Active Directory managed service account or group managed service account object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADServiceAccount cmdlet creates a new Active Directory managed service account (MSA). By default, the cmdlet creates a group MSA. To create a standalone MSA which is linked to a specific computer, use the -RestrictToSingleComputer parameter. To create a group MSA which can only be used in client roles, use the -RestrictToOutboundAuthenticationOnly parameter. This creates a group MSA which can be used for outbound connections only and any attempts to connect to services using this account will fail since the account does not have enough information for authentication to be successful. You can set commonly used MSA property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter. </maml:para><maml:para>The Path parameter specifies the container or organizational unit (OU) for the new MSA object. When you do not specify the Path parameter, the cmdlet creates an object in the default Managed Service Accounts container for MSA objects in the domain.</maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet.</maml:para><maml:para>Method 1: Use the New-ADServiceAccount cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. </maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new MSA object or retrieve a copy of an existing MSA object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. For examples and more information, see the Instance parameter description for this cmdlet.</maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-CSV</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the New-ADServiceAccount cmdlet to create multiple Active Directory MSA objects. To do this, use the Import-CSV cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. For more information, type Get-Help Import-CSV. Then pass these objects through the pipeline to the New-ADServiceAccount cmdlet to create the MSA objects.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values:</maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values:</maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values:</maml:para><maml:para>-Certificates $Null</maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the service account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type an administrative account name, such as Admin1 or Contoso\Admin1 or you can specify a PSCredential object. If you specify a service account name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then use it to specify the Credential parameter to the ADServiceAccount object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Indicates whether an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory UAC attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a service account object to use as a template for a new service account object.</maml:para><maml:para>You can use an instance of an existing service account object as a template or you can construct a new service account object for template use. You can construct a new service account using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedPasswordIntervalInDays</maml:name><maml:description><maml:para>Specifies the number of days for the password change interval. If set to 0 then the default is used. This can only be set on object creation. After that the setting is read only. This value returns the msDS-ManagedPasswordInterval of the group managed service account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAP Display Name (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax:</maml:para><maml:para>To specify a single value for an attribute:</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value}</maml:para><maml:para>To specify multiple values for an attribute</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}</maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this Managed Service Account or Group Managed Service Account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of the object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToRetrieveManagedPassword</maml:name><maml:description><maml:para>Specifies the membership policy for systems which can use a group managed service account. For a service to run under a group managed service account, the system must be in the membership policy of the account. This parameter sets the msDS-GroupMSAMembership attribute of a group managed service account object. This parameter should be set to the principals allowed to use this group managed service account.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the SAMAccountName string provided, does not end with a $, one will be appended if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...}</maml:para><maml:para>To replace values:</maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-ServicePrincipalNames $Null</maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the Domain Name System (DNS) host name. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies a new password value for the service account. This value is stored as an encrypted string. </maml:para><maml:para>The following conditions apply based on the manner in which the password parameter is used: -- $Null password is specified. Random password is set and the account is enabled unless it is requested to be disabled. -- No password is specified. Random password is set and the account is enabled unless it is requested to be disabled. -- User password is specified. Password is set and the account is enabled unless it is requested to be disabled, unless the password you provided does not meet password policy or was not set for other reasons, at which point the account is disabled.</maml:para><maml:para>The new ADServiceAccount object will always either be disabled or have a user-requested or randomly-generated password. There is no way to create an enabled service account account object with a password that violates domain password policy, such as an empty password. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values:</maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values:</maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values:</maml:para><maml:para>-Certificates $Null</maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the service account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type an administrative account name, such as Admin1 or Contoso\Admin1 or you can specify a PSCredential object. If you specify a service account name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then use it to specify the Credential parameter to the ADServiceAccount object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Indicates whether an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory UAC attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a service account object to use as a template for a new service account object.</maml:para><maml:para>You can use an instance of an existing service account object as a template or you can construct a new service account object for template use. You can construct a new service account using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAP Display Name (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax:</maml:para><maml:para>To specify a single value for an attribute:</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value}</maml:para><maml:para>To specify multiple values for an attribute</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}</maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the SAMAccountName string provided, does not end with a $, one will be appended if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...}</maml:para><maml:para>To replace values:</maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-ServicePrincipalNames $Null</maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictToSingleComputer</maml:name><maml:description><maml:para>Indicates that the cmdlet creates a managed service account that can be used only for a single computer. These managed service accounts which are linked to a single computer account were introduced in Windows Server 2008 R2.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values:</maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values:</maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values:</maml:para><maml:para>-Certificates $Null</maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the service account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type an administrative account name, such as Admin1 or Contoso\Admin1 or you can specify a PSCredential object. If you specify a service account name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then use it to specify the Credential parameter to the ADServiceAccount object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Indicates whether an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory UAC attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a service account object to use as a template for a new service account object.</maml:para><maml:para>You can use an instance of an existing service account object as a template or you can construct a new service account object for template use. You can construct a new service account using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAP Display Name (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax:</maml:para><maml:para>To specify a single value for an attribute:</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value}</maml:para><maml:para>To specify multiple values for an attribute</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}</maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the SAMAccountName string provided, does not end with a $, one will be appended if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...}</maml:para><maml:para>To replace values:</maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-ServicePrincipalNames $Null</maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictToOutboundAuthenticationOnly</maml:name><maml:description><maml:para>Indicates that the cmdlet creates a group managed service account which on success can be used by a service for successful outbound authentication requests only. This allows creating a group managed service account without the parameters required for successful inbound authentication.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies a new password value for the service account. This value is stored as an encrypted string. </maml:para><maml:para>The following conditions apply based on the manner in which the password parameter is used: -- $Null password is specified. Random password is set and the account is enabled unless it is requested to be disabled. -- No password is specified. Random password is set and the account is enabled unless it is requested to be disabled. -- User password is specified. Password is set and the account is enabled unless it is requested to be disabled, unless the password you provided does not meet password policy or was not set for other reasons, at which point the account is disabled.</maml:para><maml:para>The new ADServiceAccount object will always either be disabled or have a user-requested or randomly-generated password. There is no way to create an enabled service account account object with a password that violates domain password policy, such as an empty password. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values:</maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values:</maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values:</maml:para><maml:para>-Certificates $Null</maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the service account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type an administrative account name, such as Admin1 or Contoso\Admin1 or you can specify a PSCredential object. If you specify a service account name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then use it to specify the Credential parameter to the ADServiceAccount object.</maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the Domain Name System (DNS) host name. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Indicates whether an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory UAC attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a service account object to use as a template for a new service account object.</maml:para><maml:para>You can use an instance of an existing service account object as a template or you can construct a new service account object for template use. You can construct a new service account using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADKerberosEncryptionType</command:parameterValue><dev:type><maml:name>ADKerberosEncryptionType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ManagedPasswordIntervalInDays</maml:name><maml:description><maml:para>Specifies the number of days for the password change interval. If set to 0 then the default is used. This can only be set on object creation. After that the setting is read only. This value returns the msDS-ManagedPasswordInterval of the group managed service account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>30</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAP Display Name (ldapDisplayName) defined for it in the Active Directory schema. </maml:para><maml:para>Syntax:</maml:para><maml:para>To specify a single value for an attribute:</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value}</maml:para><maml:para>To specify multiple values for an attribute</maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}</maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this Managed Service Account or Group Managed Service Account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of the object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToRetrieveManagedPassword</maml:name><maml:description><maml:para>Specifies the membership policy for systems which can use a group managed service account. For a service to run under a group managed service account, the system must be in the membership policy of the account. This parameter sets the msDS-GroupMSAMembership attribute of a group managed service account object. This parameter should be set to the principals allowed to use this group managed service account.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictToOutboundAuthenticationOnly</maml:name><maml:description><maml:para>Indicates that the cmdlet creates a group managed service account which on success can be used by a service for successful outbound authentication requests only. This allows creating a group managed service account without the parameters required for successful inbound authentication.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictToSingleComputer</maml:name><maml:description><maml:para>Indicates that the cmdlet creates a managed service account that can be used only for a single computer. These managed service accounts which are linked to a single computer account were introduced in Windows Server 2008 R2.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the SAMAccountName string provided, does not end with a $, one will be appended if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...}</maml:para><maml:para>To replace values:</maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-ServicePrincipalNames $Null</maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object that is a template for the new managed service account object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new managed service account object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet requires that you create a Microsoft Key Distribution Service root key first to begin using group managed service accounts in your Active Directory deployment. For more information on how to create the KDS root key using Windows PowerShell, see <maml:navigationLink><maml:linkText>Create the Key Distribution Services KDS Root Key</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=253584).</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> New-ADServiceAccount -Name "service01" -DNSHostName "service01.contoso.com" -Enabled $true </dev:code><dev:remarks><maml:para>This command creates a new enabled managed service account in AD DS.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> New-ADServiceAccount -Name "service01" -ServicePrincipalNames "MSSQLSVC/Machine3.corp.contoso.com" -DNSHostName "service01.contoso.com" </dev:code><dev:remarks><maml:para>This command creates a new managed service account and register its service principal name. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> New-ADServiceAccount -Name "service01" -RestrictToSingleComputer </dev:code><dev:remarks><maml:para>This command creates a new managed service account and restrict its use to only a single computer. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADServiceAccount -Name "service01" -RestrictToOutboundAuthenticationOnly </dev:code><dev:remarks><maml:para>This command creates a new managed service account and restrict its use to only outbound authentication. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291076</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Install-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Uninstall-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-ADUser</command:name><maml:description><maml:para>Creates a new Active Directory user.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>ADUser</command:noun><dev:version /></command:details><maml:description><maml:para>The New-ADUser cmdlet creates a new Active Directory user. You can set commonly used user property values by using the cmdlet parameters. </maml:para><maml:para>Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter. When using this parameter be sure to place single quotes around the attribute name.</maml:para><maml:para>You must specify the SamAccountName parameter to create a user. </maml:para><maml:para>You can use the New-ADUser cmdlet to create different types of user accounts such as iNetOrgPerson accounts. To do this in AD DS, set the Type parameter to the LDAP display name for the type of account you want to create. This type can be any class in the Active Directory schema that is a subclass of user and that has an object category of person. </maml:para><maml:para>The Path parameter specifies the container or organizational unit (OU) for the new user. When you do not specify the Path parameter, the cmdlet creates a user object in the default container for user objects in the domain. </maml:para><maml:para>The following methods explain different ways to create an object by using this cmdlet. </maml:para><maml:para>Method 1: Use the New-ADUser cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters. </maml:para><maml:para>Method 2: Use a template to create the new object. To do this, create a new user object or retrieve a copy of an existing user object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override property values from the template by setting cmdlet parameters. For examples and more information, see the Instance parameter description for this cmdlet. </maml:para><maml:para>Method 3: Use the <maml:navigationLink><maml:linkText>Import-Csv</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet with the New-ADUser cmdlet to create multiple Active Directory user objects. To do this, use the Import-Csv cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects through the pipeline to the New-ADUser cmdlet to create the user objects. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-ADUser</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires. </maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to &True, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies a new password value for an account. This value is stored as an encrypted string. </maml:para><maml:para>The following conditions apply based on the manner in which the password parameter is used: -- $Null password is specified: No password is set and the account is disabled unless it is requested to be enabled. -- No password is specified: No password is set and the account is disabled unless it is requested to be enabled. -- User password is specified: Password is set and the account is disabled unless it is requested to be enabled.</maml:para><maml:para>User accounts, by default, are created without a password. If you provide a password, an attempt will be made to set that password however, this can fail due to password policy restrictions. The user account will still be created and you may use Set-ADAccountPassword to set the password on that account. In order to ensure that accounts remain secure, user accounts will never be enabled unless a valid password is set or PasswordNotRequired is set to $True. </maml:para><maml:para>The account is created if the password fails for any reason.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>This parameter cannot be set to $True or 1 for an account that also has the PasswordNeverExpires property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Company</maml:name><maml:description><maml:para>Specifies the user's company. This parameter sets the Company property of a user object. The LDAP display name (ldapDisplayName) of this property is company.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Department</maml:name><maml:description><maml:para>Specifies the user's department. This parameter sets the Department property of a user. The LDAP Display Name (ldapDisplayName) of this property is department.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Division</maml:name><maml:description><maml:para>Specifies the user's division. This parameter sets the Division property of a user object. The LDAP Display Name (ldapDisplayName) of this property is division.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EmailAddress</maml:name><maml:description><maml:para>Specifies the user's e-mail address. This parameter sets the EmailAddress property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mail.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EmployeeID</maml:name><maml:description><maml:para>Specifies the user's employee ID. This parameter sets the EmployeeID property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeID.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EmployeeNumber</maml:name><maml:description><maml:para>Specifies the user's employee number. This parameter sets the EmployeeNumber property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Fax</maml:name><maml:description><maml:para>Specifies the user's fax phone number. This parameter sets the Fax property of a user object. The LDAP Display Name (ldapDisplayName) of this property is facsimileTelephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>GivenName</maml:name><maml:description><maml:para>Specifies the user's given name. This parameter sets the GivenName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is givenName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomeDirectory</maml:name><maml:description><maml:para>Specifies a user's home directory. This parameter sets the HomeDirectory property of a user object. The LDAP Display Name (ldapDisplayName) for this property is homeDirectory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomeDrive</maml:name><maml:description><maml:para>Specifies a drive that is associated with the UNC path defined by the HomeDirectory property. The drive letter is specified as <DriveLetter>: where <DriveLetter> indicates the letter of the drive to associate. The <DriveLetter> must be a single, uppercase letter and the colon is required. This parameter sets the HomeDrive property of the user object. The LDAP Display Name (ldapDisplayName) for this property is homeDrive.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePhone</maml:name><maml:description><maml:para>Specifies the user's home telephone number. This parameter sets the HomePhone property of a user. The LDAP Display Name (ldapDisplayName) of this property is homePhone.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Initials</maml:name><maml:description><maml:para>Specifies the initials that represent part of a user's name. You can use this value for the user's middle initial. This parameter sets the Initials property of a user. The LDAP Display Name (ldapDisplayName) of this property is initials.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a user object to use as a template for a new user object. </maml:para><maml:para>You can use an instance of an existing user object as a template or you can construct a new user object for template use. You can construct a new user object using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing user object as a template for a new object. To retrieve an instance of an existing user object, use a cmdlet such as Get-ADUser. Then provide this object to the Instance parameter of the New-ADUser cmdlet to create a new user object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADUser object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADUser cmdlet to create the new Active Directory user object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. Possible values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account resulting the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LogonWorkstations</maml:name><maml:description><maml:para>Specifies the computers that the user can access. To specify more than one computer, create a single comma-separated list. You can identify a computer by using the Security Accounts Manager (SAM) account name (sAMAccountName) or the DNS host name of the computer. The SAM account name is the same as the NetBIOS name of the computer.</maml:para><maml:para>The LDAP display name (ldapDisplayName) for this property is userWorkStations.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Manager</maml:name><maml:description><maml:para>Specifies the user's manager. This parameter sets the Manager property of a user. This parameter is set by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MobilePhone</maml:name><maml:description><maml:para>Specifies the user's mobile phone number. This parameter sets the MobilePhone property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mobile.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Office</maml:name><maml:description><maml:para>Specifies the location of the user's office or place of business. This parameter sets the Office property of a user object. The LDAP display name (ldapDisplayName) of this property is office.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OfficePhone</maml:name><maml:description><maml:para>Specifies the user's office telephone number. This parameter sets the OfficePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is telephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Organization</maml:name><maml:description><maml:para>Specifies the user's organization. This parameter sets the Organization property of a user object. The LDAP display name (ldapDisplayName) of this property is o.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema.</maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OtherName</maml:name><maml:description><maml:para>Specifies a name in addition to a user's given name and surname, such as the user's middle name. This parameter sets the OtherName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is middleName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. A password is not required for a new account. This parameter sets the PasswordNotRequired property of an account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example, in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example, in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>POBox</maml:name><maml:description><maml:para>Specifies the user's post office box number. This parameter sets the POBox property of a user object. The LDAP Display Name (ldapDisplayName) of this property is postOfficeBox.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies an array of principal objects. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProfilePath</maml:name><maml:description><maml:para>Specifies a path to the user's profile. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ProfilePath property of the user object. The LDAP display name (ldapDisplayName) for this property is profilePath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ScriptPath</maml:name><maml:description><maml:para>Specifies a path to the user's log on script. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ScriptPath property of the user. The LDAP display name (ldapDisplayName) for this property is scriptPath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values: </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SmartcardLogonRequired</maml:name><maml:description><maml:para>Specifies whether a smart card is required to logon. This parameter sets the SmartCardLoginRequired property for a user. This parameter also sets the ADS_UF_SMARTCARD_REQUIRED flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the user's street address. This parameter sets the StreetAddress property of a user object. The LDAP display name (ldapDisplayName) of this property is streetAddress.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Surname</maml:name><maml:description><maml:para>Specifies the user's last name or surname. This parameter sets the Surname property of a user object. The LDAP display name (ldapDisplayName) of this property is sn.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies the user's title. This parameter sets the Title property of a user object. The LDAP display name (ldapDisplayName) of this property is title.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Type</maml:name><maml:description><maml:para>Specifies the type of object to create. Set the Type parameter to the LDAP display name of the Active Directory Schema Class that represents the type of object that you want to create. The selected type must be a subclass of the User schema class. If this parameter is not specified it will default to User.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires. </maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to &True, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AccountPassword</maml:name><maml:description><maml:para>Specifies a new password value for an account. This value is stored as an encrypted string. </maml:para><maml:para>The following conditions apply based on the manner in which the password parameter is used: -- $Null password is specified: No password is set and the account is disabled unless it is requested to be enabled. -- No password is specified: No password is set and the account is disabled unless it is requested to be enabled. -- User password is specified: Password is set and the account is disabled unless it is requested to be enabled.</maml:para><maml:para>User accounts, by default, are created without a password. If you provide a password, an attempt will be made to set that password however, this can fail due to password policy restrictions. The user account will still be created and you may use Set-ADAccountPassword to set the password on that account. In order to ensure that accounts remain secure, user accounts will never be enabled unless a valid password is set or PasswordNotRequired is set to $True. </maml:para><maml:para>The account is created if the password fails for any reason.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate[]</command:parameterValue><dev:type><maml:name>X509Certificate[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>This parameter cannot be set to $True or 1 for an account that also has the PasswordNeverExpires property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Company</maml:name><maml:description><maml:para>Specifies the user's company. This parameter sets the Company property of a user object. The LDAP display name (ldapDisplayName) of this property is company.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Department</maml:name><maml:description><maml:para>Specifies the user's department. This parameter sets the Department property of a user. The LDAP Display Name (ldapDisplayName) of this property is department.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Division</maml:name><maml:description><maml:para>Specifies the user's division. This parameter sets the Division property of a user object. The LDAP Display Name (ldapDisplayName) of this property is division.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EmailAddress</maml:name><maml:description><maml:para>Specifies the user's e-mail address. This parameter sets the EmailAddress property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mail.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EmployeeID</maml:name><maml:description><maml:para>Specifies the user's employee ID. This parameter sets the EmployeeID property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeID.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EmployeeNumber</maml:name><maml:description><maml:para>Specifies the user's employee number. This parameter sets the EmployeeNumber property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Fax</maml:name><maml:description><maml:para>Specifies the user's fax phone number. This parameter sets the Fax property of a user object. The LDAP Display Name (ldapDisplayName) of this property is facsimileTelephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>GivenName</maml:name><maml:description><maml:para>Specifies the user's given name. This parameter sets the GivenName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is givenName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomeDirectory</maml:name><maml:description><maml:para>Specifies a user's home directory. This parameter sets the HomeDirectory property of a user object. The LDAP Display Name (ldapDisplayName) for this property is homeDirectory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomeDrive</maml:name><maml:description><maml:para>Specifies a drive that is associated with the UNC path defined by the HomeDirectory property. The drive letter is specified as <DriveLetter>: where <DriveLetter> indicates the letter of the drive to associate. The <DriveLetter> must be a single, uppercase letter and the colon is required. This parameter sets the HomeDrive property of the user object. The LDAP Display Name (ldapDisplayName) for this property is homeDrive.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HomePhone</maml:name><maml:description><maml:para>Specifies the user's home telephone number. This parameter sets the HomePhone property of a user. The LDAP Display Name (ldapDisplayName) of this property is homePhone.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Initials</maml:name><maml:description><maml:para>Specifies the initials that represent part of a user's name. You can use this value for the user's middle initial. This parameter sets the Initials property of a user. The LDAP Display Name (ldapDisplayName) of this property is initials.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a user object to use as a template for a new user object. </maml:para><maml:para>You can use an instance of an existing user object as a template or you can construct a new user object for template use. You can construct a new user object using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing user object as a template for a new object. To retrieve an instance of an existing user object, use a cmdlet such as Get-ADUser. Then provide this object to the Instance parameter of the New-ADUser cmdlet to create a new user object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADUser object and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADUser cmdlet to create the new Active Directory user object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. Possible values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account resulting the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADKerberosEncryptionType</command:parameterValue><dev:type><maml:name>ADKerberosEncryptionType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>LogonWorkstations</maml:name><maml:description><maml:para>Specifies the computers that the user can access. To specify more than one computer, create a single comma-separated list. You can identify a computer by using the Security Accounts Manager (SAM) account name (sAMAccountName) or the DNS host name of the computer. The SAM account name is the same as the NetBIOS name of the computer.</maml:para><maml:para>The LDAP display name (ldapDisplayName) for this property is userWorkStations.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Manager</maml:name><maml:description><maml:para>Specifies the user's manager. This parameter sets the Manager property of a user. This parameter is set by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>MobilePhone</maml:name><maml:description><maml:para>Specifies the user's mobile phone number. This parameter sets the MobilePhone property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mobile.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Office</maml:name><maml:description><maml:para>Specifies the location of the user's office or place of business. This parameter sets the Office property of a user object. The LDAP display name (ldapDisplayName) of this property is office.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OfficePhone</maml:name><maml:description><maml:para>Specifies the user's office telephone number. This parameter sets the OfficePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is telephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Organization</maml:name><maml:description><maml:para>Specifies the user's organization. This parameter sets the Organization property of a user object. The LDAP display name (ldapDisplayName) of this property is o.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherAttributes</maml:name><maml:description><maml:para>Specifies object attribute values for attributes that are not represented by cmdlet parameters. You can set one or more parameters at the same time with this parameter. If an attribute takes more than one value, you can assign multiple values. To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema.</maml:para><maml:para>Syntax: </maml:para><maml:para>To specify a single value for an attribute: </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value} </maml:para><maml:para>To specify multiple values for an attribute </maml:para><maml:para>-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...} </maml:para><maml:para>You can specify values for more than one attribute by using semicolons to separate attributes. The following syntax shows how to set values for multiple attributes: </maml:para><maml:para>-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>OtherName</maml:name><maml:description><maml:para>Specifies a name in addition to a user's given name and surname, such as the user's middle name. This parameter sets the OtherName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is middleName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>POBox</maml:name><maml:description><maml:para>Specifies the user's post office box number. This parameter sets the POBox property of a user object. The LDAP Display Name (ldapDisplayName) of this property is postOfficeBox.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. A password is not required for a new account. This parameter sets the PasswordNotRequired property of an account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. </maml:para><maml:para>In many cases, a default value will be used for the Path parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example, in New-ADUser, the Path parameter would default to the Users container. -- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Path will be set in the following cases: -- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive. -- If the cmdlet has a default path, this will be used. For example, in New-ADUser, the Path parameter would default to the Users container. -- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Path parameter will not take any default value.</maml:para><maml:para>Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item, and Set-ItemProperty also contain a Path property. However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies an array of principal objects. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ProfilePath</maml:name><maml:description><maml:para>Specifies a path to the user's profile. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ProfilePath property of the user object. The LDAP display name (ldapDisplayName) for this property is profilePath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ScriptPath</maml:name><maml:description><maml:para>Specifies a path to the user's log on script. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ScriptPath property of the user. The LDAP display name (ldapDisplayName) for this property is scriptPath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values: </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>SmartcardLogonRequired</maml:name><maml:description><maml:para>Specifies whether a smart card is required to logon. This parameter sets the SmartCardLoginRequired property for a user. This parameter also sets the ADS_UF_SMARTCARD_REQUIRED flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the user's street address. This parameter sets the StreetAddress property of a user object. The LDAP display name (ldapDisplayName) of this property is streetAddress.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Surname</maml:name><maml:description><maml:para>Specifies the user's last name or surname. This parameter sets the Surname property of a user object. The LDAP display name (ldapDisplayName) of this property is sn.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies the user's title. This parameter sets the Title property of a user object. The LDAP display name (ldapDisplayName) of this property is title.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Type</maml:name><maml:description><maml:para>Specifies the type of object to create. Set the Type parameter to the LDAP display name of the Active Directory Schema Class that represents the type of object that you want to create. The selected type must be a subclass of the User schema class. If this parameter is not specified it will default to User.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>user</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A user object that is a template for the new user object is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the new user object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADUser -Name "GlenJohn" -Certificate (new-object System.Security.Cryptography.X509Certificates.X509Certificate -ArgumentList "export.cer") </dev:code><dev:remarks><maml:para>This command creates a new user named GlenJohn with a certicate imported from the file export.cer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADUser -Name "GlenJohn" -OtherAttributes @{'title'="director";'mail'="glenjohn@fabrikam.com"} </dev:code><dev:remarks><maml:para>This command creates a new user named GlenJohn and sets the title and mail properties on the new object. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADUser -Name "GlenJohn" -Type iNetOrgPerson -Path "DC=AppNC" -Server lds.Fabrikam.com:50000 </dev:code><dev:remarks><maml:para>This command creates a new inetOrgPerson named GlenJohn on an AD LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291077</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountPassword</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADAuthenticationPolicy</command:name><maml:description><maml:para>Removes an Active Directory Domain Services authentication policy object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADAuthenticationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADAuthenticationPolicy cmdlet removes an Active Directory® Domain Services authentication policy. </maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy to remove. You can identify an authentication policy by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADAuthenticationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an authentication policy object.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Remove an authentication policy by specifying a name</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Remove-ADAuthenticationPolicy -Identity AuthenticationPolicy01 </dev:code><dev:remarks><maml:para>This command removes the authentication policy specified by the Identity parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Remove multiple authentication policies </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -Filter 'Enforce -eq $false' | Remove-ADAuthenticationPolicy </dev:code><dev:remarks><maml:para>This command uses the Get-ADAuthenticationPolicy cmdlet with the Filter parameter to get all authentication policies that are not enforced. The pipeline operator then passes the result of the filter to the Remove-ADAuthenticationPolicy cmdlet. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=296766</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADAuthenticationPolicySilo</command:name><maml:description><maml:para>Removes an Active Directory Domain Services authentication policy silo object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADAuthenticationPolicySilo</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADAuthenticationPolicySilo cmdlet removes an Active Directory® Domain Services authentication policy silo object. </maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy silo to remove. You can identify an authentication policy silo by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy silo object, or you can use the pipeline operator to pass an authentication policy silo object to the Identity parameter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADAuthenticationPolicySilo</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an authentication policy silo object. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Remove an authentication policy silo object</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo01 </dev:code><dev:remarks><maml:para>This command removes the authentication policy silo object named AuthenticationPolicySilo01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Remove all authentication policy silo objects that match a filter</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAuthenticationPolicySilo -Filter 'Enforce -eq $False' | Remove-ADAuthenticationPolicySilo </dev:code><dev:remarks><maml:para>This command uses the Get-ADAuthenticationPolicySilo cmdlet with the Filter parameter to get all authentication policy silos that are not enforced. The pipeline operator then passes the result of the filter to the Remove-ADAuthenticationPolicySilo cmdlet. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Remove all matching authentication policy silos without confirmation</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAuthenticationPolicySilo -Filter 'Enforce -eq $False' | Remove-ADAuthenticationPolicySilo -Confirm:$False </dev:code><dev:remarks><maml:para>This command uses the Get-ADAuthenticationPolicySilo cmdlet with the Filter parameter to get all authentication policy silos that are not enforced. The pipeline operator then passes the result of the filter to the Remove-ADAuthenticationPolicySilo cmdlet. However, because the Confirm parameter is set to $False, no confirmation messages appear. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=296768</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADCentralAccessPolicy</command:name><maml:description><maml:para>Removes a central access policy from Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADCentralAccessPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADCentralAccessPolicy cmdlet can be used to remove a central access policy from Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADCentralAccessPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADCentralAccessPolicy -Identity "Finance Policy" </dev:code><dev:remarks><maml:para>This command removes the central access policy named Finance Policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Filter 'Name -Like "Finance*"' | Remove-ADCentralAccessPolicy </dev:code><dev:remarks><maml:para>This command gets all resource property lists whose name starts with Finance and then remove them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291078</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADCentralAccessPolicyMember</command:name><maml:description><maml:para>Removes central access rules from a central access policy in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADCentralAccessPolicyMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADCentralAccessPolicyMember cmdlet removes central access rules from a central access policy in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADCentralAccessPolicyMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of central access rule (CAR) objects in a comma-separated list to add to a central access policy (CAP).</maml:para><maml:para>To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADCentralAccessRule[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies a set of central access rule (CAR) objects in a comma-separated list to add to a central access policy (CAP).</maml:para><maml:para>To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADCentralAccessRule[]</command:parameterValue><dev:type><maml:name>ADCentralAccessRule[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADCentralAccessPolicy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified ADCentralAccessPolicy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADCentralAccessPolicyMember -Identity "Finance Policy" -Members "Finance Documents Rule" </dev:code><dev:remarks><maml:para>This command removes the resource property named Finance Documents Rule from the central access policy named Finance Policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADCentralAccessPolicyMember -Identity "Finance Policy" -Members "Finance Documents Rule","Corporate Documents Rule" </dev:code><dev:remarks><maml:para>This command removes the central access rules named Finance Documents Rule and Corporate Documents Rule from the central access policy Finance Policy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy -Filter { Name -like "Corporate*" } | Remove-ADCentralAccessPolicyMember -Members "Finance Documents Rule","Corporate Documents Rule" </dev:code><dev:remarks><maml:para>This command gets the central access policies that begin with Corporate in its name, and then pipes that result to the Remove-ADCentralAccessPolicyMember, which then removes the central access rules named Finance Documents Rule and Corporate Documents Rule from the policies. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291079</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADCentralAccessPolicyMember</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADCentralAccessRule</command:name><maml:description><maml:para>Removes a central access rule from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADCentralAccessRule</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADCentralAccessRule cmdlet can be used to remove a central access rule from Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADCentralAccessRule</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue><dev:type><maml:name>ADCentralAccessRule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$false when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADCentralAccessRule -Identity "Finance Documents Rule" </dev:code><dev:remarks><maml:para>This command removes the specified central access rule, Finance Documents Rule.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessRule -Filter { ResourceCondition -like "*Department*" } | Remove-ADCentralAccessRule </dev:code><dev:remarks><maml:para>This command removes the central access rules with Department in their resource conditions. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291080</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADClaimTransformPolicy</command:name><maml:description><maml:para>Removes a claim transformation policy object from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADClaimTransformPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADClaimTransformPolicy cmdlet can be used to remove a claim transformation policy object from Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A claim transform policy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADClaimTransformPolicy -Identity DenyAllPolicy </dev:code><dev:remarks><maml:para>This command removes the claims transformation policy with the name DenyAllPolicy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimTransformPolicy -Filter {Description -eq "For testing only."} | Remove-ADClaimTransformPolicy </dev:code><dev:remarks><maml:para>This command gets all claims transformation policies that were marked in their description as For testing only and removes them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291081</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADClaimType</command:name><maml:description><maml:para>Removes a claim type from Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADClaimType</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADClaimType cmdlet can be used to remove a claim type from Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Allows the cmdlet to remove objects that cannot otherwise be changed due to some attribute validation failure. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Allows the cmdlet to remove objects that cannot otherwise be changed due to some attribute validation failure. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADClaimType -Identity Title </dev:code><dev:remarks><maml:para>This command removes the claim type with the name Title. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADClaimType -Filter { Enabled -eq $FALSE } | Remove-ADClaimType </dev:code><dev:remarks><maml:para>This command gets all the disabled claim types and remove them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291082</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADComputer</command:name><maml:description><maml:para>Removes an Active Directory computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADComputer</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADComputer cmdlet removes an Active Directory computer.</maml:para><maml:para>The Identity parameter specifies the Active Directory computer to remove. You can identify a computer by its distinguished name Members (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to a computer object variable, such as $<localComputerObject>, or you can pass a computer object through the pipeline to the Identity parameter. For example, you can use the Get-ADComputer cmdlet to retrieve a computer object and then pass the object through the pipeline to the Remove-ADComputer cmdlet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADComputer</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADComputer -Identity "FABRIKAM-SRV4" </dev:code><dev:remarks><maml:para>This command removes one particular computer. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter 'Location -eq "NA/HQ/Building A"' | Remove-ADComputer Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "CN=LabServer-01,CN=Computers,DC=Fabrikam,DC=com". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a </dev:code><dev:remarks><maml:para>This command removes all computers in the location specified by using the Filter parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter 'Location -eq "NA/HQ/Building A"' | Remove-ADComputer -Confirm:$False </dev:code><dev:remarks><maml:para>This command removes all computers from the location specified by using the Filter parameter. The command does not prompt you for confirmation. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Identity "FABRIKAM-SRV4" | Remove-ADObject -Recursive </dev:code><dev:remarks><maml:para>This command removes a computer and all leaf objects that are located underneath it in the directory. Note that only a few computer objects create child objects, such as servers running the Clustering service. This example can be useful for removing those objects and any child objects owned by and associated with them. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291083</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADComputer</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADComputerServiceAccount</command:name><maml:description><maml:para>Removes one or more service accounts from a computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADComputerServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADComputerServiceAccount cmdlet removes service accounts from an Active Directory computer. </maml:para><maml:para>The Computer parameter specifies the Active Directory computer that contains the service accounts to remove. You can identify a computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Computer parameter to a computer object variable, such as $<localComputerobject>, or pass a computer object through the pipeline to the Computer parameter. For example, you can use the Get-ADComputer cmdlet to retrieve a computer object and then pass the object through the pipeline to the Remove-ADComputerServiceAccount cmdlet. </maml:para><maml:para>The ServiceAccount parameter specifies the service accounts to remove. You can identify a service account by its distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. You can also specify service account object variables, such as $<localServiceAccountObject>. If you are specifying more than one service account, use a comma-separated list. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADComputerServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Computer"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>ServiceAccount</maml:name><maml:description><maml:para>Specifies one or more Active Directory service accounts. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADServiceAccount[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="Computer"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>ServiceAccount</maml:name><maml:description><maml:para>Specifies one or more Active Directory service accounts. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADServiceAccount[]</command:parameterValue><dev:type><maml:name>ADServiceAccount[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object is received by the Computer parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns an object that represents the modified computer object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADComputerServiceAccount -Computer ComputerAcct1 -serviceAccount SvcAcct1 </dev:code><dev:remarks><maml:para>This command removes a service account SvcAcct1 from a Computer Account ComputerAcct1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADComputerServiceAccount -Computer ComputerAcct1 -ServiceAccount SvcAcct1,SvcAcct2 </dev:code><dev:remarks><maml:para>This command removes service accounts SvcAcct1 and SvcAcct2 from a Computer Account ComputerAcct1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291084</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADDomainControllerPasswordReplicationPolicy</command:name><maml:description><maml:para>Removes users, computers and groups from the allowed or denied list of a read-only domain controller password replication policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADDomainControllerPasswordReplicationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADDomainControllerPasswordReplicationPolicy cmdlet removes one or more users, computers and groups from the allowed or denied list of a read-only domain controller (RODC) password replication policy. </maml:para><maml:para>The Identity parameter specifies the RODC that uses the allowed and denied lists to apply the password replication policy. You can identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN of the computer object that represents the domain controller. You can also set the Identity parameter to a domain controller object variable, such as $<localDomainControllerobject>, or pass a domain controller object through the pipeline operator to the Identity parameter. For example, you can use the Get-ADDomainController cmdlet to retrieve a domain controller object and then pass the object through the pipeline operator to the Remove-ADDomainControllerPasswordReplicationPolicy cmdlet. You must provide a read-only domain controller. </maml:para><maml:para>The AllowedList parameters specify the users, computers and groups to remove from the allowed list. Similarly, the DeniedList parameter specifies the users, computers and groups to remove from the denied list. You must specify either one or both of the AllowedList and DeniedList parameters. You can identify a user, computer or group by distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. You can also specify user, computer or group variables, such as $<localUserObject>. If you are specifying more than one item, use a comma-separated list.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADDomainControllerPasswordReplicationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts allowed to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) account name (sAMAccountName) </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-ADDomainControllerPasswordReplicationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DeniedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM account name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts allowed to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) account name (sAMAccountName) </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DeniedList</maml:name><maml:description><maml:para>Specifies the users, computers, groups or other accounts to add to the list of accounts that are denied the right to replicate their passwords to this Read-only domain controller (RODC). You can specify more than one value by using a comma-separated list. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM account name (sAMAccountName) </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain controller object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A GUID (objectGUID) -- An IPV4Address -- A Global IPV6Address -- A DNS Host Name (dNSHostName) -- A name of the server object -- A Distinguished Name of the NTDS Settings object -- A Distinguished Name of the server object that represents the domain controller -- A GUID of NTDS settings object under the configuration partition -- A GUID of server object under the configuration partition -- A Distinguished Name of the computer object that represents the domain controller </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainController</command:parameterValue><dev:type><maml:name>ADDomainController</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A read-only domain controller (RODC) object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomainController</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified read-only domain controller object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Remove-ADDomainControllerPasswordReplicationPolicy -Identity "FABRIKAM-RODC1" -AllowedList "JesperAaberg", "AdrianaAdams" </dev:code><dev:remarks><maml:para>This command removes the users with samAccountNames JesperAaberg and AdrianaAdams from the Allowed list on the RODC FABRIKAM-RODC1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Remove-ADDomainControllerPasswordReplicationPolicy -Identity "FABRIKAM-RODC1" -DeniedList "MichaelAllen", "ElizabethAndersen" </dev:code><dev:remarks><maml:para>This command removes the users with samAccountNames MichaelAllen and ElizabethAndersen from the Denied list on the RODC FABRIKAM-RODC1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291085</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomainController</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomainControllerPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADFineGrainedPasswordPolicy</command:name><maml:description><maml:para>Removes an Active Directory fine-grained password policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADFineGrainedPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADFineGrainedPasswordPolicy cmdlet removes an Active Directory fine-grained password policy. </maml:para><maml:para>The Identity parameter specifies the Active Directory fine-grained password policy to remove. You can identify a fine-grained password policy by its distinguished name, or GUID. You can also set the Identity parameter to a fine-grained password object variable, such as $<localFineGrainedPasswordPolicyObject>, or you can pass a fine-grained password policy object through the pipeline to the Identity parameter. For example, you can use the Get-ADFineGrainedPasswordPolicy cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline operator to the Remove-ADFineGrainedPasswordPolicy cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name (distinguishedName) -- A GUID (objectGUID) -- A Name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name (distinguishedName) -- A GUID (objectGUID) -- A Name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADFineGrainedPasswordPolicy -Identity MyPolicy </dev:code><dev:remarks><maml:para>This command remove the Fine Grained Password Policy object named MyPolicy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADFineGrainedPasswordPolicy -Identity 'CN=MyPolicy,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM' </dev:code><dev:remarks><maml:para>This command removes the Fine Grained Password Policy object with DistinguishedName CN=MyPolicy,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicy -Filter {Name -like "*user*"} | Remove-ADFineGrainedPasswordPolicy </dev:code><dev:remarks><maml:para>This command removes all File Grained Password Policy objects that contain user in their names. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291086</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADFineGrainedPasswordPolicySubject</command:name><maml:description><maml:para>Removes one or more users from a fine-grained password policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADFineGrainedPasswordPolicySubject</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADFineGrainedPasswordPolicySubject cmdlet removes one or more global security groups and users from a fine-grained password policy. </maml:para><maml:para>The Identity parameter specifies the fine-grained password policy. You can identify a fine-grained password policy by its distinguished name or GUID. You can also set the Identity parameter to a fine-grained password policy object variable, such as $<localFineGrainedPasswordPolicyObject>, or pass a fine-grained password policy object through the pipeline to the Identity parameter. For example, you can use the Get-ADFineGrainedPasswordPolicy cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline to the Remove-ADFineGrainedPasswordPolicySubject cmdlet. </maml:para><maml:para>The Subjects parameter specifies the users and groups to remove from the password policy. You can identify a user or group by its distinguished name (DN), GUID, security identifier (SID), security accounts manager (SAM) account name, or canonical name. You can also specify user or group object variables, such as $<localUserObject>. If you are specifying more than one user or group, use a comma-separated list. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADFineGrainedPasswordPolicySubject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Subjects</maml:name><maml:description><maml:para>Specifies one or more users or groups. To specify more than one user or group, use a comma-separated list. You can identify a user or group by one of the following property values: -- Distinguished Name (DN) -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para><maml:para>Note: The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>You can also provide objects to this parameter directly.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a fine-grained password policy object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Subjects</maml:name><maml:description><maml:para>Specifies one or more users or groups. To specify more than one user or group, use a comma-separated list. You can identify a user or group by one of the following property values: -- Distinguished Name (DN) -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para><maml:para>Note: The identifier in parentheses is the LDAP display name for the attribute. </maml:para><maml:para>You can also provide objects to this parameter directly.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns an object that represents the modified fine-grained password policy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO -Subjects BobKe,KimAb </dev:code><dev:remarks><maml:para>This command removes the Fine-Grained Password Policy named DlgtdAdminsPSO from two users, with SamAccountNames BobKe and KimAb. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO | where {$_.Name -like "*Price"} | Remove-ADFineGrainedPasswordPolicySubject -Identity DlgtdAdminsPSO </dev:code><dev:remarks><maml:para>This command removes any subjects that have names ending with Price from the name list on which the Fine-Grained Password Policy named DlgtdAdminsPSO applies. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291087</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicySubject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADGroup</command:name><maml:description><maml:para>Removes an Active Directory group.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADGroup</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADGroup cmdlet removes an Active Directory group object. You can use this cmdlet to remove security and distribution groups. </maml:para><maml:para>The Identity parameter specifies the Active Directory group to remove. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name, or canonical name. You can also set the Identity parameter to an object variable such as $<localADGroupObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to retrieve a group object and then pass the object through the pipeline to the Remove-ADGroup cmdlet. </maml:para><maml:para>If the ADGroup is being identified by its DN, the Partition parameter will be automatically determined. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADGroup</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADGroup -Identity SanjaysReports Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "CN=SanjayReports,DC=Fabrikam,DC=com". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): </dev:code><dev:remarks><maml:para>This command removes the group that has samAccountName SanjaysReports. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Filter 'Name -like "Sanjay*"' | Remove-ADGroup Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "CN=SanjaysReports,DC=Fabrikam,DC=com". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): </dev:code><dev:remarks><maml:para>This command gets all groups whose name starts with Sanjay and then remove them. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291088</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADGroup</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADGroupMember</command:name><maml:description><maml:para>Removes one or more members from an Active Directory group.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADGroupMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADGroupMember cmdlet removes one or more users, groups, service accounts, or computers from an Active Directory group. </maml:para><maml:para>The Identity parameter specifies the Active Directory group that contains the members to remove. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also specify a group object variable, such as $<localGroupObject>, or pass a group object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to retrieve a group object and then pass the object through the pipeline to the Remove-ADGroupMember cmdlet. </maml:para><maml:para>The Members parameter specifies the users, computers and groups to remove from the group specified by the Identity parameter. You can identify a user, computer or group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also specify user, computer, and group object variables, such as $<localUserObject>. If you are specifying more than one new member, use a comma-separated list. You cannot pass user, computer, or group objects through the pipeline to this cmdlet. To remove user, computer, or group objects from a group by using the pipeline, use the Remove-ADPrincipalGroupMembership cmdlet. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADGroupMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies an array of users, groups, and computers to remove from a group. You can identify users, groups, and computers by specifying one of the following values. Note: The identifier in parentheses is the LDAP display name. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>The objects specified for this parameter are processed as Microsoft.ActiveDirectory.Management.ADPrincipal objects. Derived types, such as the following are also received by this parameter. -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADGroup</maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies an array of users, groups, and computers to remove from a group. You can identify users, groups, and computers by specifying one of the following values. Note: The identifier in parentheses is the LDAP display name. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>The objects specified for this parameter are processed as Microsoft.ActiveDirectory.Management.ADPrincipal objects. Derived types, such as the following are also received by this parameter. -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADGroup</maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified group object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADGroupMember -Identity "DocumentReaders" -Members "WilsonPais" Confirm Are you sure you want to perform this action? Performing operation "Set" on Target "CN=DocumentReaders,CN=Users,DC=Fabrikam,DC=com". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): </dev:code><dev:remarks><maml:para>This command removes the user with samAccountName WilsonPais from the group DocumentReaders. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADGroupMember -Identity "DocumentReaders" -Members "administrator","Wilson Pais" </dev:code><dev:remarks><maml:para>This command removes the users with samAccountNames administrator and WilsonPais from the group DocumentReaders. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" | Remove-ADGroupMember -Members "CN=GlenJohns,DC=AppNC" Confirm Are you sure you want to perform this action? Performing operation "Set" on Target "CN=AccessControl,DC=AppNC". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): </dev:code><dev:remarks><maml:para>This command removes the user with DistinguishedName CN=GlenJohns,DC=AppNC from the AccessControl group on an AD LDS instance using the pipeline. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291089</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADObject</command:name><maml:description><maml:para>Removes an Active Directory object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADObject cmdlet removes an Active Directory object. You can use this cmdlet to remove any type of Active Directory object. </maml:para><maml:para>The Identity parameter specifies the Active Directory object to remove. You can identify an object by its distinguished name (DN) or GUID. You can also set the Identity parameter to an Active Directory object variable, such as $<localObject>, or pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADObject cmdlet to retrieve an object and then pass the object through the pipeline to the Remove-ADObject cmdlet. </maml:para><maml:para>If the object you specify to remove has child objects, you must specify the Recursive parameter. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except when: -- Using a DN to identify objects: the partition will be auto-generated from the DN. -- Running cmdlets from an Active Directory provider drive: the current path will be used to set the partition. -- A default naming context or partition is specified. </maml:para><maml:para>To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Recursive</maml:name><maml:description><maml:para>Specifies that the cmdlet should remove the object and any children it contains. </maml:para><maml:para>Note: Specifying this parameter it will remove all child objects even if there are objects marked with ProtectedFromAccidentalDeletion. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeDeletedObjects</maml:name><maml:description><maml:para>Specifies that the cmdlet retrieves deleted objects and the deactivated forward and backward links. When this parameter is specified, the cmdlet uses the following LDAP controls: -- Show Deleted Objects (1.2.840.113556.1.4.417) -- Show Deactivated Links (1.2.840.113556.1.4.2065) </maml:para><maml:para>Note: If this parameter is not specified, the cmdlet will not return or operate on deleted objects. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Recursive</maml:name><maml:description><maml:para>Specifies that the cmdlet should remove the object and any children it contains. </maml:para><maml:para>Note: Specifying this parameter it will remove all child objects even if there are objects marked with ProtectedFromAccidentalDeletion. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter. Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when connected to a Global Catalog port. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADObject -Identity 'CN=AmyAl-LPTOP,CN=Computers,DC=FABRIKAM,DC=COM' Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "CN=AmyAl-LPTOP,CN=Computers,DC=FABRIKAM,DC=COM". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y </dev:code><dev:remarks><maml:para>This command removes the object identified by the DistinguishedName CN=AmyAl-LPTOP,CN=Computers,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADObject -Identity "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" -Recursive Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y </dev:code><dev:remarks><maml:para>This command deletes the container with DistinguishedName OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM including the child objects. Note: All the children of the container including the ones which are protected from accidental deletion are also deleted. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADObject -Identity "65511e76-ea80-45e1-bc93-08a78d8c4853" -Confirm:$False </dev:code><dev:remarks><maml:para>This command removes the object with objectGUID 65511e76-ea80-45e1-bc93-08a78d8c4853 without giving the confirmation prompt. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADObject -Identity "CN=InternalApps,DC=AppNC" -Server "FABRIKAM-SRV1:60000" Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "CN=InternalApps,DC=AppNC". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y </dev:code><dev:remarks><maml:para>This command removes the object with DistinguishedName CN=InternalApps,DC=AppNC from an LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Filter 'isDeleted -eq $true -and -not (isRecycled -eq $true) -and name -ne "Deleted Objects" -and lastKnownParent -eq "OU=Accounting,DC=Fabrikam,DC=com"' -IncludeDeletedObjects | Remove-ADObject </dev:code><dev:remarks><maml:para>This command recycles all the objects in the recycle bin which used to be in the container OU=Accounting,DC=Fabrikam,DC=com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291090</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADOrganizationalUnit</command:name><maml:description><maml:para>Removes an Active Directory organizational unit.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADOrganizationalUnit</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADOrganizationalUnit cmdlet removes an Active Directory organizational unit. </maml:para><maml:para>The Identity parameter specifies the organizational unit to remove. You can identify an organizational unit by its distinguished name (DN) or GUID. You can also set the parameter to an organizational unit object variable, such as $<localOrganizationUnitObject> or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADOrganizationalUnit cmdlet to retrieve the object and then pass the object through the pipeline to the Remove-ADOrganizationalUnit cmdlet. </maml:para><maml:para>If the object you specify to remove has child objects, you must specify the Recursive parameter. </maml:para><maml:para>If the ProtectedFromAccidentalDeletion property of the organizational unit object is set to true, the cmdlet returns a terminating error. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADOrganizationalUnit</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies the identity of an Active Directory organizational unit object. The parameter accepts the following identity formats. The identifier in parentheses is the LDAP display name for the attribute that contains the identity. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Recursive</maml:name><maml:description><maml:para>Specifies that the cmdlet remove the organizational unit and any child items it contains. You must specify this parameter to remove an organizational unit (OU) that is not empty.</maml:para><maml:para>Note: Specifying this parameter it will remove all child objects under an OU that has been marked with ProtectedFromAccidentalDeletion. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies the identity of an Active Directory organizational unit object. The parameter accepts the following identity formats. The identifier in parentheses is the LDAP display name for the attribute that contains the identity. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue><dev:type><maml:name>ADOrganizationalUnit</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Recursive</maml:name><maml:description><maml:para>Specifies that the cmdlet remove the organizational unit and any child items it contains. You must specify this parameter to remove an organizational unit (OU) that is not empty.</maml:para><maml:para>Note: Specifying this parameter it will remove all child objects under an OU that has been marked with ProtectedFromAccidentalDeletion. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An organizational unit object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADOrganizationalUnit -Identity "OU=Accounting,DC=FABRIKAM,DC=COM" -Recursive Are you sure you want to remove the item and all its children? Performing recursive remove on Target: 'OU=Accounting,DC=Fabrikam,DC=com'. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):y </dev:code><dev:remarks><maml:para>This command removes an OrganizationalUnit and all of its children. If the OrganizationalUnit is protected from deletion, then the OrganizationalUnit and its children will not be deleted. If the OrganizationalUnit is not protected but any of the children are, then both the OrganizationalUnit and the children will be deleted. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADOrganizationalUnit -Identity "1b228aa5-2c14-48b8-ad8a-2685dc22e055" -Confirm:$False </dev:code><dev:remarks><maml:para>This command removes an OrganizationalUnit using its objectGUID as the Identity while suppressing the confirmation prompt. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADOrganizationalUnit -Identity "OU=Accounting,DC=FABRIKAM,DC=COM" Confirm Are you sure you want to perform this action? Performing operation "Remove" on Target "OU=Accounting,DC=Fabrikam,DC=com". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):y </dev:code><dev:remarks><maml:para>This command removes the Accounting OrganizationalUnit. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADOrganizationalUnit -Identity "OU=Managed,DC=AppNC" -server "FABRIKAM-SRV1:60000" -Confirm:$False </dev:code><dev:remarks><maml:para>This command removes an OrganizationalUnit from an LDS instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291091</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADPrincipalGroupMembership</command:name><maml:description><maml:para>Removes a member from one or more Active Directory groups. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADPrincipalGroupMembership</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADPrincipalGroupMembership cmdlet removes a user, group, computer, service account, or any other account object from one or more Active Directory groups. </maml:para><maml:para>The Identity parameter specifies the user, group, or computer to remove. You can identify the user, group, or computer by its distinguished name (DN), GUID, security identifier (SID) or SAM account name. You can also specify a user, group, or computer object variable, such as $<localGroupObject>, or pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADUsercmdlet to retrieve a user object and then pass the object through the pipeline to the Remove-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADGroupor Get-ADComputerto get group, service account and computer objects to pass through the pipeline. </maml:para><maml:para>This cmdlet collects all of the user, computer, service account and group objects from the pipeline, and then removes these objects from the specified group by using one Active Directory operation. </maml:para><maml:para>The MemberOf parameter specifies the groups that you want to remove the member from. You can identify a group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify group object variable, such as $<localGroupObject>. To specify more than one group, use a comma-separated list. You cannot pass group objects through the pipeline to the MemberOf parameter. To remove a member from groups that are passed through the pipeline, use Remove-ADGroupMember cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADPrincipalGroupMembership</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory principal object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>MemberOf</maml:name><maml:description><maml:para>Specifies the Active Directory groups to add a user, computer, or group to as a member. You can identify a group by providing one of the following values. Note: The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>If you are specifying more than one group, use commas to separate the groups in the list. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADGroup[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory principal object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>MemberOf</maml:name><maml:description><maml:para>Specifies the Active Directory groups to add a user, computer, or group to as a member. You can identify a group by providing one of the following values. Note: The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>If you are specifying more than one group, use commas to separate the groups in the list. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADGroup[]</command:parameterValue><dev:type><maml:name>ADGroup[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A principal object that represents user, computer, or group is received by the Identity parameter. Derived types, such as the following are also received by this parameter. -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADGroup</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADPrincipal</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns a principal object that represents the modified user, computer or group object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADPrincipalGroupMembership -Identity "Wilson Pais" -MemberOf "Administrators" Remove members from group Do you want to remove all the specified member(s) from the specified group(s)? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y </dev:code><dev:remarks><maml:para>This command removes the user Wilson Pais from the administrators group.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -server localhost:60000 -Identity "CN=GlenJohns,DC=AppNC" | Remove-ADPrincipalGroupMembership -memberof "CN=AccessControl,DC=AppNC" </dev:code><dev:remarks><maml:para>This command retrieves the user with DistinguishedName 'CN=GlenJohns,DC=AppNC' and remove it from the group with the DistinguishedName 'CN=AccessControl,DC=AppNC' using the pipeline. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291092</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADReplicationSite</command:name><maml:description><maml:para>Deletes the specified replication site object from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADReplicationSite</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADReplicationSite cmdlet deletes a specified replication site object from Active Directory. If domain controllers are no longer needed in a network location, you can remove them from a site and then delete the site object. Before deleting the site, you must remove all domain controllers from the site either by removing them entirely or by moving them to a new location. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADReplicationSite</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADReplicationSite -Identity Europe </dev:code><dev:remarks><maml:para>This command removes the site with name Europe.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSite -Filter {Description -eq "For testing only."} | Remove-ADReplicationSite </dev:code><dev:remarks><maml:para>This command gets the sites that are for testing only and removes them. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291093</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADReplicationSiteLink</command:name><maml:description><maml:para>Deletes an Active Directory site link used to manage replication.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADReplicationSiteLink</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADReplicationSiteLink cmdlet removes a site link object used to manage replication traffic between two sites in your Active Directory installation. For more information on site links, see <maml:navigationLink><maml:linkText>Creating a Site Link Design</maml:linkText><maml:uri></maml:uri></maml:navigationLink> in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221870. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADReplicationSiteLink</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue><dev:type><maml:name>ADReplicationSiteLink</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADReplicationSiteLink -Identity "Europe-Asia" </dev:code><dev:remarks><maml:para>This command removes the site link with the name Europe-Asia.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Filter {SitesIncluded -eq "NorthAmerica"} | Remove-ADReplicationSiteLink </dev:code><dev:remarks><maml:para>This command gets the site links that include NorthAmerica and removes them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291094</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADReplicationSiteLinkBridge</command:name><maml:description><maml:para>Deletes the specified replication site link bridge from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADReplicationSiteLinkBridge</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADReplicationSiteLinkBridge cmdlet deletes the specified replication site link bridge from Active Directory. A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADReplicationSiteLinkBridge</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue><dev:type><maml:name>ADReplicationSiteLinkBridge</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link bridge object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" </dev:code><dev:remarks><maml:para>This command removes the site link bridge with name NorthAmerica-Asia. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLinkBridge -Filter {SiteLinksIncluded -eq "Europe-Asia"} | Remove-ADReplicationSiteLinkBridge </dev:code><dev:remarks><maml:para>This command gets the site link bridges that include Europe-Asia and removes them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291095</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADReplicationSubnet</command:name><maml:description><maml:para>Deletes the specified Active Directory replication subnet object from the directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADReplicationSubnet</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADReplicationSubnet cmdlet deletes the specified Active Directory replication subnet object from the directory. Subnet objects (class subnet) define network subnets in Active Directory. A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. Subnets group computers in a way that identifies their physical proximity on the network. Subnet objects in Active Directory are used to map computers to sites. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADReplicationSubnet</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue><dev:type><maml:name>ADReplicationSubnet</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A subnet object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADReplicationSubnet -Identity "10.0.0.0/25" </dev:code><dev:remarks><maml:para>This cmdlet removes the site link with name 10.0.0.0/25.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSubnet -Filter {Location -like "*Japan"} | Remove-ADReplicationSubnet </dev:code><dev:remarks><maml:para>This command gets all the subnets in Japan and removes them. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291096</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADResourceProperty</command:name><maml:description><maml:para>Removes a resource property from Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADResourceProperty</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADResourceProperty cmdlet removes a resource property from Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADResourceProperty</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the resource property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the resource property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue><dev:type><maml:name>ADResourceProperty</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADResourceProperty -Identity "Country" </dev:code><dev:remarks><maml:para>This command removes the specified resource property.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291097</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADResourcePropertyList</command:name><maml:description><maml:para>Removes one or more resource property lists from Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADResourcePropertyList</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADResourcePropertyList cmdlet removes one or more claim lists from Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADResourcePropertyList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the resource property.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the resource property.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADResourcePropertyList -Identity "Corporate Resource Property List" </dev:code><dev:remarks><maml:para>This command removes the resource property list named Corporate Resource Property List. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Filter 'Name -Like "Branch*"' | Remove-ADResourcePropertyList </dev:code><dev:remarks><maml:para>This command gets all resource property lists whose name starts with Branch and then removes them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291098</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADResourcePropertyListMember</command:name><maml:description><maml:para>Removes one or more resource properties from a resource property list in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADResourcePropertyListMember</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADResourcePropertyListMember cmdlet can be used to remove one or more resource properties from a resource property list in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADResourcePropertyListMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies an array of ADResourceProperty objects in a comma-separated list to add to a resource property list. To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADResourceProperty[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. The following example shows how to create credentials. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Members</maml:name><maml:description><maml:para>Specifies an array of ADResourceProperty objects in a comma-separated list to add to a resource property list. To identify each object, use one of the following property values: -- Name -- Distinguished Name -- GUID (objectGUID) Note: The identifier in parentheses is the LDAP display name. </maml:para><maml:para>You can also provide objects to this parameter directly. </maml:para><maml:para>You cannot pass objects through the pipeline to this parameter. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADResourceProperty[]</command:parameterValue><dev:type><maml:name>ADResourceProperty[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADResourcePropertyList object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourcePropertyList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified ADResourcePropertyList object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADResourcePropertyListMember -Identity "Global Resource Property List" -Members Country </dev:code><dev:remarks><maml:para>This command removes the resource property specified as a list member, Country, from the specified resource property list, Global Resource Property List.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADResourcePropertyListMember -Identity "Corporate Resource Property List" -Members Department,Country </dev:code><dev:remarks><maml:para>This command removes the resource properties named Department and Country from the resource property list, Corporate Resource Property List.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Filter { Name -like "Corporate*" } | Remove-ADResourcePropertyListMember -Members Department,Country </dev:code><dev:remarks><maml:para>This command gets the resource property lists that have a name that begins with Corporate and then pipes it to Remove-ADResourcePropertyListMember, which then removes the resource properties with the name Department and Country from it. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291099</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADServiceAccount</command:name><maml:description><maml:para>Removes an Active Directory managed service account or group managed service account object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADServiceAccount cmdlet removes an Active Directory managed service account (MSA). This cmdlet does not make changes to any computers that use the MSA. After this operation, the MSA no longer exists in the directory, but computers will still be configured to use the MSA.</maml:para><maml:para>The Identity parameter specifies the Active Directory MSA to remove. You can identify a MSA by its distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. You can also set the Identity parameter to a MSA object variable, such as $<localSerivceAccountObject>, or you can pass a MSA object through the pipeline to the Identity parameter. For example, you can use the Get-ADServiceAccount cmdlet to retrieve a MSA object and then pass the object through the pipeline to the Remove-ADServiceAccount cmdlet. </maml:para><maml:para>Note: Removing the service account is a different operation than uninstalling the service account locally. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADServiceAccount -Identity SQL-SRV1 </dev:code><dev:remarks><maml:para>This command removes the managed service account named service1. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADServiceAccount -Filter {Name -like 'SQL*'} | Remove-ADServiceAccount </dev:code><dev:remarks><maml:para>This command removes all managed service accounts with names that start with SQL. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291100</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Install-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Uninstall-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-ADUser</command:name><maml:description><maml:para>Removes an Active Directory user.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ADUser</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-ADUser cmdlet removes an Active Directory user.</maml:para><maml:para>The Identity parameter specifies the Active Directory user to remove. You can identify a user by its distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. You can also set the Identity parameter to a user object variable, such as $<localUserObject>, or you can pass a user object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser cmdlet to retrieve a user object and then pass the object through the pipeline to the Remove-ADUser cmdlet.</maml:para><maml:para>If the ADUser is being identified by its DN, the Partition parameter will be automatically determined.</maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ADUser</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: _- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: _- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A user object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADUser -Identity GlenJohn </dev:code><dev:remarks><maml:para>This command removes the user with samAccountName GlenJohn.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | Remove-ADUser </dev:code><dev:remarks><maml:para>This command searches for any users that have disabled accounts and remove them.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Remove-ADUser -Identity "CN=Glen John,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command removes the user with DistinguishedName CN=Glen John,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Identity "cn=glenjohn,dc=appnc" -Server Lds.Fabrikam.com:50000 | Remove-ADUser </dev:code><dev:remarks><maml:para>This command gets the user with DistinguishedName cn=glenjohn,dc=appnc from the AD LDS instance and removes it.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291101</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADUser</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Rename-ADObject</command:name><maml:description><maml:para>Changes the name of an Active Directory object. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Rename</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Rename-ADObject cmdlet renames an Active Directory object. This cmdlet sets the Name property of an Active Directory object that has an LDAP Display Name (ldapDisplayName) of name. To modify the given name, surname and other name of a user, use the Set-ADUser cmdlet. To modify the Security Accounts Manager (SAM) account name of a user, computer, or group, use the Set-ADUser, Set-ADComputer, or Set-ADGroup cmdlet. </maml:para><maml:para>The Identity parameter specifies the object to rename. You can identify an object or container by its distinguished name (DN) or GUID. You can also set the Identity parameter to an object variable such as $<localObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADObject cmdlet to retrieve an object and then pass the object through the pipeline to the Rename-ADObject cmdlet. You can also use the Get-ADGroup, Get-ADUser, Get-ADComputer, Get-ADServiceAccount, Get-ADOrganizationalUnit, and Get-ADFineGrainedPasswordPolicy cmdlets to get an object that you can pass through the pipeline to this cmdlet. </maml:para><maml:para>The NewName parameter defines the new name for the object and must be specified. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Rename-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>NewName</maml:name><maml:description><maml:para>Specifies the new name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>NewName</maml:name><maml:description><maml:para>Specifies the new name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Rename-ADObject -Identity "CN=HQ,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM" -NewName UnitedKingdomHQ </dev:code><dev:remarks><maml:para>This command renames the name of an existing site HQ to the new name UnitedKingdomHQ. If the distinguished name is provided in the Identity parameter, then the Partition parameter is not required. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Rename-ADObject -Identity "4777c8e8-cd29-4699-91e8-c507705a0966" -NewName "AmsterdamHQ" -Partition "CN=Configuration,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command renames the object with objectGUID 4777c8e8-cd29-4699-91e8-c507705a0966 to SiteNewName. Note Partition parameter is required because the Naming Context of the site object is not known from the GUID provided to the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Rename-ADObject -Identity "OU=ManagedGroups,OU=Managed,DC=Fabrikam,DC=Com" -NewName Groups </dev:code><dev:remarks><maml:para>This command renames the object with the DistinguisedName OU=ManagedGroups,OU=Managed,DC=Fabrikam,DC=Com to Groups. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Rename-ADObject -Identity "4777c8e8-cd29-4699-91e8-c507705a0966" -NewName "DavidAhs" </dev:code><dev:remarks><maml:para>This command renames the object with objectGUID 4777c8e8-cd29-4699-91e8-c507705a0966 to DavidAhs. Note that the Partition parameter is not specified because the object is in the Default Naming Context of the domain. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Rename-ADObject -Identity "CN=Apps,DC=AppNC" -NewName "InternalApps" -server "FABRIKAM-SRV1:60000" </dev:code><dev:remarks><maml:para>This command renames the container CN=Apps,DC=AppNC to InternalApps in an LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291102</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Move-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Reset-ADServiceAccountPassword</command:name><maml:description><maml:para>Resets the password for a standalone managed service account. Reset is not supported for group managed service accounts.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Reset</command:verb><command:noun>ADServiceAccountPassword</command:noun><dev:version /></command:details><maml:description><maml:para>The Reset-ADServiceAccountPassword cmdlet resets the password for the standalone managed service account (MSA) on the local computer. This cmdlet needs to be run on the computer where the standalone MSA is installed. </maml:para><maml:para>The Identity parameter specifies the Active Directory standalone MSA that receives the password reset. You can identify a MSA by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to a MSA object variable, such as $<localServiceAccountObject>, or pass a MSA object through the pipeline to the Identity parameter. For example, you can use the Get-ADServiceAccount cmdlet to retrieve a standalone MSA object and then pass the object through the pipeline to the Reset-ADServiceAccountPassword cmdlet. </maml:para><maml:para>Note: When you reset the password for a computer, you also reset all of the standalone MSA passwords for that computer. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Reset-ADServiceAccountPassword</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Reset-ADServiceAccountPassword -Identity ServiceAccount1 </dev:code><dev:remarks><maml:para>This command resets the password on the standalone managed service account ServiceAccount1.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291103</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Restore-ADObject</command:name><maml:description><maml:para>Restores an Active Directory object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Restore</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Restore-ADObject cmdlet restores a deleted Active Directory object. </maml:para><maml:para>The NewName parameter specifies the new name for the restored object. If the NewName parameter is not specified, the value of the Active Directory attribute with an LDAP display name of msDS-lastKnownRDN is used. The TargetPath parameter specifies the new location for the restored object. If the TargetPath is not specified, the value of the Active Directory attribute with an LDAP display name of lastKnownParent is used. </maml:para><maml:para>The Identity parameter specifies the Active Directory object to restore. You can identify an object by its distinguished name (DN) or GUID. You can also set the Identity parameter to an object variable such as $<localObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADObject cmdlet to retrieve a deleted object by specifying the IncludeDeletedObjects parameter. You can then pass the object through the pipeline to the Restore-ADObject cmdlet. </maml:para><maml:para>Note: You can get the distinguished names of deleted objects by using the Get-ADObject cmdlet with the IncludeDeletedObjects parameter specified. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Restore-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>NewName</maml:name><maml:description><maml:para>Specifies the new name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TargetPath</maml:name><maml:description><maml:para>Specifies the new location for the object. This location must be the path to a container or organizational unit. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>NewName</maml:name><maml:description><maml:para>Specifies the new name of the object. This parameter sets the Name property of the Active Directory object. The LDAP Display Name (ldapDisplayName) of this property is name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TargetPath</maml:name><maml:description><maml:para>Specifies the new location for the object. This location must be the path to a container or organizational unit. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the restored object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Restore-ADObject -Identity "613dc90a-2afd-49fb-8bd8-eac48c6ab59f" -NewName "Kim Abercrombie" -TargetPath "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command restores the ADObject while setting the msDS-LastKnownRDN attribute of the deleted object to NewName parameter and setting the lastKnownRDN to the TargetPath parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Restore-ADObject -Identity "CN=Kim Abercrombie\0ADEL:613dc90a-2afd-49fb-8bd8-eac48c6ab59f,CN=Deleted Objects,DC=FABRIKAM,DC=COM" -NewName "Kim Abercrombie" -TargetPath "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command restores the ADObject while setting the msDS-LastKnownRDN attribute of the deleted object to NewName parameter and setting the lastKnownRDN to the TargetPath parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Filter 'samaccountname -eq "kimabercrombie"' -IncludeDeletedObjects | Restore-ADObject </dev:code><dev:remarks><maml:para>This command finds a deleted user whose samaccountname is kimabercrombie, and restores it. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Restore-ADObject -Identity '6bb3bfe9-4355-48ee-b3b6-4fda6917d31d' -Server server1:50000 </dev:code><dev:remarks><maml:para>This command restores an AD-LDS object using ObjectGUID.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Filter 'msds-lastknownrdn -eq "user1"' -Server server1:50000 -IncludeDeletedObjects -SearchBase "o=app1,c=us" | Restore-ADObject </dev:code><dev:remarks><maml:para>This command restores an AD-LDS object using msds-LastKnownRDN. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291104</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Move-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Rename-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Revoke-ADAuthenticationPolicySiloAccess</command:name><maml:description><maml:para>Revokes membership in an authentication policy silo for the specified account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Revoke</command:verb><command:noun>ADAuthenticationPolicySiloAccess</command:noun><dev:version /></command:details><maml:description><maml:para>The Revoke-ADAuthenticationPolicySiloAccess cmdlet revokes the membership in an authentication policy silo for one or more accounts in Active Directory® Domain Services. </maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy silo that contains the user accounts to remove. You can identify an authentication policy silo by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy silo object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter. </maml:para><maml:para>The Account parameter specifies the users, computers and service accounts to remove from the authentication policy silo specified by the Identity parameter. You can identify a user, computer or service account by its DN, GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also use the Account parameter to specify a variable that contains user, computer, and service account objects.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Revoke-ADAuthenticationPolicySiloAccess</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an ADAuthenticationPolicySilo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Account</maml:name><maml:description><maml:para>Specifies the account to remove from the authentication policy silo. Specify the account in one of the following formats: -- Distinguished Name -- GUID -- Security Identifier -- SAM Account Name </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>You can also use this parameter to specify a variable that contains user, computer, and service account objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Account</maml:name><maml:description><maml:para>Specifies the account to remove from the authentication policy silo. Specify the account in one of the following formats: -- Distinguished Name -- GUID -- Security Identifier -- SAM Account Name </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>You can also use this parameter to specify a variable that contains user, computer, and service account objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an ADAuthenticationPolicySilo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an authentication policy silo object. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet returns the modified authentication policy silo object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Revoke access to an authentication policy silo</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Revoke-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo01 -Account User01 -Confirm:$False </dev:code><dev:remarks><maml:para>This command revokes access to the authentication policy silo named AuthenticationPolicySilo01 for the user account named User01. Because the Confirm parameter is set to $False, no confirmation message appears.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Revoke access to an authentication policy silo for filter matches</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter 'Name -like "newComputer*"' | Revoke-ADAuthenticationPolicySiloAccess -Identity AuthenticationPolicySilo02 Confirm Are you sure you want to perform this action? Performing the operation "Set" on target "CN=Silo,CN=AuthN Silos,CN=AuthN PolicyConfiguration,CN=Services,CN=Configuration,DC=DC01,DC=Contoso,DC=com". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A </dev:code><dev:remarks><maml:para>This example first uses the Get-ADComputer cmdlet to get a list of computers that match the filter specified by the Filter parameter. The output is then passed to the Revoke-ADAuthenticationPolicySiloAccess to remove access to the authentication policy silo named AuthenticationPolicySilo02. Because the Confirm parameter is not specified, a confirmation message appears.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=296772</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Grant-ADAuthenticationPolicySiloAccess</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Search-ADAccount</command:name><maml:description><maml:para>Gets Active Directory user, computer, or service accounts.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Search</command:verb><command:noun>ADAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria specified by the parameters. Search criteria include account and password status. For example, you can search for all accounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all accounts with an expired password by specifying the PasswordExpired parameter. You can limit the search to user accounts by specifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the cmdlet only retrieves computer accounts.</maml:para><maml:para>Some search parameters, such as AccountExpiring and AccountInactive use a default time that you can change by specifying the DateTime or TimeSpan parameter. The DateTime parameter specifies a distinct time. The TimeSpan parameter specifies a time range from the current time. For example, to search for all accounts that expire in 10 days, specify the AccountExpiring and TimeSpan parameter and set the value of TimeSpan to 10.00:00:00. To search for all accounts that expire before December 31, 2012, set the DateTime parameter to 12/31/2012.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountDisabled</maml:name><maml:description><maml:para>Specifies a search for accounts that are disabled. An account is disabled when the ADAccount Enabled property is set to false.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpired</maml:name><maml:description><maml:para>Specifies a search for accounts that are expired. An account is expired when the ADAccount AccountExpirationDate property is set to a time in the past. The LDAP Display Name (ldapDisplayName) for the AccountExpirationDate property is accountExpires.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DateTime</maml:name><maml:description><maml:para>Specifies a distinct time value for Search-ADAccount parameters such as AccountExpiring, AccountInactive, and PasswordExpiring. </maml:para><maml:para>Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to midnight local time. When a date is not specified, the date is assumed to be the current date. The following examples show commonly-used syntax to specify a DateTime object. “4/17/2006” “Monday, April 17, 2006” “2:22:45 PM” “Monday, April 17, 2006 2:22:45 PM” </maml:para><maml:para>These examples specify the same date and the time without the seconds. "4/17/2006 2:22 PM” "Monday, April 17, 2006 2:22 PM" "2:22 PM” </maml:para><maml:para>The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT). "Mon, 17 Apr 2006 21:22:48 GMT” </maml:para><maml:para>The following example shows how to specify a value as Coordinated Universal Time (UTC). This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. "2000-04-17T14:22:48.0000000" </maml:para><maml:para>The following example shows how to set the AccountExpiring parameter to a DateTime value of June 18, 2012 at 2:00:00 AM. -AccountExpiring -DateTime “6/18/2012 2:00:00 AM”</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimeSpan</maml:name><maml:description><maml:para>Sets a time interval. This parameter is used to specify a time value for Search-ADAccount parameters such as AccountExpiring. Specify the time interval in the following format: [-]D.H:M:S.F where: -- D = Days (0 to 10675199) -- H = Hours (0 to 23) -- M = Minutes (0 to 59) -- S = Seconds (0 to 59) -- F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para><maml:para>The following examples show how to set this parameter. Set the time to 2 days -TimeSpan "2" Set the time span to the previous 2 days -TimeSpan "-2" Set the time to 4 hours -TimeSpan "4:00" </maml:para><maml:para>For example, to search for all accounts that are expiring in 10 days, specify the AccountExpiring and TimeSpan parameters as follows. -AccountExpiring -TimeSpan "10"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpiring</maml:name><maml:description><maml:para>Specifies a search for accounts that are expiring in a given time period or by a specified time. To specify a time period, use the AccountExpiring parameter with the TimeSpan parameter. To specify a specific time, use the AccountExpiring parameter with the DateTime parameter.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DateTime</maml:name><maml:description><maml:para>Specifies a distinct time value for Search-ADAccount parameters such as AccountExpiring, AccountInactive, and PasswordExpiring. </maml:para><maml:para>Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to midnight local time. When a date is not specified, the date is assumed to be the current date. The following examples show commonly-used syntax to specify a DateTime object. “4/17/2006” “Monday, April 17, 2006” “2:22:45 PM” “Monday, April 17, 2006 2:22:45 PM” </maml:para><maml:para>These examples specify the same date and the time without the seconds. "4/17/2006 2:22 PM” "Monday, April 17, 2006 2:22 PM" "2:22 PM” </maml:para><maml:para>The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT). "Mon, 17 Apr 2006 21:22:48 GMT” </maml:para><maml:para>The following example shows how to specify a value as Coordinated Universal Time (UTC). This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. "2000-04-17T14:22:48.0000000" </maml:para><maml:para>The following example shows how to set the AccountExpiring parameter to a DateTime value of June 18, 2012 at 2:00:00 AM. -AccountExpiring -DateTime “6/18/2012 2:00:00 AM”</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimeSpan</maml:name><maml:description><maml:para>Sets a time interval. This parameter is used to specify a time value for Search-ADAccount parameters such as AccountExpiring. Specify the time interval in the following format: [-]D.H:M:S.F where: -- D = Days (0 to 10675199) -- H = Hours (0 to 23) -- M = Minutes (0 to 59) -- S = Seconds (0 to 59) -- F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para><maml:para>The following examples show how to set this parameter. Set the time to 2 days -TimeSpan "2" Set the time span to the previous 2 days -TimeSpan "-2" Set the time to 4 hours -TimeSpan "4:00" </maml:para><maml:para>For example, to search for all accounts that are expiring in 10 days, specify the AccountExpiring and TimeSpan parameters as follows. -AccountExpiring -TimeSpan "10"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountInactive</maml:name><maml:description><maml:para>Specifies to search for accounts that have not logged in within a given time period or since a specified time. To specify a time period, use the TimeSpan parameter. To specify a specific time, use the DateTime parameter. Note that this attribute is only used when the domain is in Windows Server 2003 Domain Functional Level, so this parameter will only work in that mode.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockedOut</maml:name><maml:description><maml:para>Specifies a search for accounts that are locked out.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordExpired</maml:name><maml:description><maml:para>Specifies a search for accounts that have an expired password.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Search-ADAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Base</command:parameterValue><command:parameterValue required="true" variableLength="false">OneLevel</command:parameterValue><command:parameterValue required="true" variableLength="false">Subtree</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies a search for accounts that have a password that does not expire.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountDisabled</maml:name><maml:description><maml:para>Specifies a search for accounts that are disabled. An account is disabled when the ADAccount Enabled property is set to false.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpired</maml:name><maml:description><maml:para>Specifies a search for accounts that are expired. An account is expired when the ADAccount AccountExpirationDate property is set to a time in the past. The LDAP Display Name (ldapDisplayName) for the AccountExpirationDate property is accountExpires.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpiring</maml:name><maml:description><maml:para>Specifies a search for accounts that are expiring in a given time period or by a specified time. To specify a time period, use the AccountExpiring parameter with the TimeSpan parameter. To specify a specific time, use the AccountExpiring parameter with the DateTime parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountInactive</maml:name><maml:description><maml:para>Specifies to search for accounts that have not logged in within a given time period or since a specified time. To specify a time period, use the TimeSpan parameter. To specify a specific time, use the DateTime parameter. Note that this attribute is only used when the domain is in Windows Server 2003 Domain Functional Level, so this parameter will only work in that mode.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputersOnly</maml:name><maml:description><maml:para>Specifies a search of only computer accounts.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para><maml:para>Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an AD PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DateTime</maml:name><maml:description><maml:para>Specifies a distinct time value for Search-ADAccount parameters such as AccountExpiring, AccountInactive, and PasswordExpiring. </maml:para><maml:para>Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to midnight local time. When a date is not specified, the date is assumed to be the current date. The following examples show commonly-used syntax to specify a DateTime object. “4/17/2006” “Monday, April 17, 2006” “2:22:45 PM” “Monday, April 17, 2006 2:22:45 PM” </maml:para><maml:para>These examples specify the same date and the time without the seconds. "4/17/2006 2:22 PM” "Monday, April 17, 2006 2:22 PM" "2:22 PM” </maml:para><maml:para>The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT). "Mon, 17 Apr 2006 21:22:48 GMT” </maml:para><maml:para>The following example shows how to specify a value as Coordinated Universal Time (UTC). This example represents Monday, April 17, 2006 at 2:22:48 PM UTC. "2000-04-17T14:22:48.0000000" </maml:para><maml:para>The following example shows how to set the AccountExpiring parameter to a DateTime value of June 18, 2012 at 2:00:00 AM. -AccountExpiring -DateTime “6/18/2012 2:00:00 AM”</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockedOut</maml:name><maml:description><maml:para>Specifies a search for accounts that are locked out.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordExpired</maml:name><maml:description><maml:para>Specifies a search for accounts that have an expired password.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies a search for accounts that have a password that does not expire.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultPageSize</maml:name><maml:description><maml:para>Specifies the number of objects to include in one page for an Active Directory Domain Services query. </maml:para><maml:para>The default is 256 objects per page.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResultSetSize</maml:name><maml:description><maml:para>Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+c to stop the query and return of objects. The default is $null.</maml:para><maml:para>The following example shows how to set this parameter so that you receive all of the returned objects. -ResultSetSize $null</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchBase</maml:name><maml:description><maml:para>Specifies an Active Directory path to search under.</maml:para><maml:para>When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.</maml:para><maml:para>When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.</maml:para><maml:para>The following example shows how to set this parameter to search under an OU. -SearchBase “ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com” </maml:para><maml:para>When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SearchScope</maml:name><maml:description><maml:para>Specifies the scope of an Active Directory search. The acceptable values for this parameter are: -- Base or 0 -- OneLevel or 1 -- Subtree or 2</maml:para><maml:para>A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADSearchScope</command:parameterValue><dev:type><maml:name>ADSearchScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimeSpan</maml:name><maml:description><maml:para>Sets a time interval. This parameter is used to specify a time value for Search-ADAccount parameters such as AccountExpiring. Specify the time interval in the following format: [-]D.H:M:S.F where: -- D = Days (0 to 10675199) -- H = Hours (0 to 23) -- M = Minutes (0 to 59) -- S = Seconds (0 to 59) -- F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para><maml:para>The following examples show how to set this parameter. Set the time to 2 days -TimeSpan "2" Set the time span to the previous 2 days -TimeSpan "-2" Set the time to 4 hours -TimeSpan "4:00" </maml:para><maml:para>For example, to search for all accounts that are expiring in 10 days, specify the AccountExpiring and TimeSpan parameters as follows. -AccountExpiring -TimeSpan "10"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UsersOnly</maml:name><maml:description><maml:para>Specifies a search for user accounts only.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more account objects that meet the conditions set by the parameters.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Guest user krbtgt user krbtgt_51399 user AmyAl-LPTOP computer DeepakAn-DSKTOP computer </dev:code><dev:remarks><maml:para>This command returns all users, computers and service accounts that are disabled. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Guest user krbtgt user krbtgt_51399 user </dev:code><dev:remarks><maml:para>This command returns all users that are disabled.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountExpired | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Greg Chapman user Claus Hansen user Tomasz Bochenek user </dev:code><dev:remarks><maml:para>This command returns all users, computers and service accounts that are expired. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Iulian Calinov user John Campbell user Garth Fort user </dev:code><dev:remarks><maml:para>This command returns all users, computers and service accounts that will expire in the next 6 days. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A Name ObjectClass ---- ----------- FABRIKAM-RODC1 computer Guest user krbtgt user krbtgt_51399 user Almudena Benito user Aaron Con user Adina Hagege user Aaron Nicholls user Aaron M. Painter user Jeff Phillips user Flemming Pedersen user </dev:code><dev:remarks><maml:para>This command returns all accounts that have been inactive for the last 90 days. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Stan Orme user Danni Ortman user Matej Potokar user </dev:code><dev:remarks><maml:para>This command returns all accounts where the password has expired. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Guest user Toni Poe user Anders Riis user Fabien Hernoux user </dev:code><dev:remarks><maml:para>This command returns all accounts with a password that will never expire.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -LockedOut | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Toni Poe user </dev:code><dev:remarks><maml:para>This command returns all accounts that have been locked out.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A Name ObjectClass ---- ----------- TPOE-PC1 computer </dev:code><dev:remarks><maml:para>This command returns all disabled computer accounts.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 10 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-ADAccount -AccountExpiring -DateTime "3/18/2009" | FT Name,ObjectClass -A Name ObjectClass ---- ----------- Anders Riis user </dev:code><dev:remarks><maml:para>This command returns all accounts which expire on the 18th of March, 2009.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 11 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Search-AdAccount -AccountDisabled -SearchBase "DC=AppNC" -Server "FABRIKAM-SRV1:60000" Enabled : False Name : SanjayPatel UserPrincipalName : PasswordNeverExpires : LockedOut : False ObjectGUID : d671de28-6e40-42a7-b32c-63d336de296d ObjectClass : user SID : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944 PasswordExpired : False LastLogonDate : DistinguishedName : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC AccountExpirationDate : </dev:code><dev:remarks><maml:para>This command returns all users, computers and service accounts that are disabled in the LDS instance: FABRIKAM-SRV1:60000.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291105</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAccountResultantPasswordReplicationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountControl</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountPassword</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADAccountAuthenticationPolicySilo</command:name><maml:description><maml:para>Modifies the authentication policy or authentication policy silo of an account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADAccountAuthenticationPolicySilo</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADAccountAuthenticationPolicySilo cmdlet modifies the authentication policy or authentication policy silo of an account. This cmdlet assigns authentication policy silo objects and authentication policy object to an Active Directory Domain Services account. In order for the account to belong to an authentication policy silo, you must use the Grant-ADAuthenticationPolicySiloAccess cmdlet to grant access to the object.</maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy to modify. You can identify an authentication policy by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADAccountAuthenticationPolicySilo</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services object. Specify the Active Directory Domain Services object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services object. Specify the Active Directory Domain Services object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Assign an authentication policy silo and authentication policy </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountAuthenticationPolicySilo -Identity User01 -AuthenticationPolicySilo AuthenticationPolicySilo01 -AuthenticationPolicy AuthenticationPolicy01 </dev:code><dev:remarks><maml:para>This example assigns the authentication policy silo named AuthenticationPolicySilo01 and the authentication policy named AuthenticationPolicy01 to the user account named User01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Assign an authentication policy silo and authentication policy by using a filter </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer -Filter 'Name -like "newComputer*"' | Set-ADAccountAuthenticationPolicySilo -AuthenticationPolicySilo AuthenticationPolicySilo02 -AuthenticationPolicy AuthenticationPolicy02 </dev:code><dev:remarks><maml:para>This example first uses the Get-ADComputer cmdlet to get all computer accounts that match the filter specified by the Filter parameter. The output of this command is passed to Set-ADAccountAuthenticatinPolicySilo to assign the authentication policy silo named AuthenticationPolicySilo02 and the authentication policy named AuthenticationPolicy02 to them. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=313379</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Grant-ADAuthenticationPolicySiloAccess</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADAccountControl</command:name><maml:description><maml:para>Modifies user account control (UAC) values for an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADAccountControl</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account. UAC values are represented by cmdlet parameters. For example, set the PasswordExpired parameter to change whether an account is expired and to modify the ADS_UF_PASSWORD_EXPIRED UAC value.</maml:para><maml:para>The Identity parameter specifies the Active Directory account to modify.</maml:para><maml:para>You can identify an account by its distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localADAccountObject>, or you can pass an account object through the pipeline to the Identity parameter. For example, you can use the Search-ADAccount cmdlet to retrieve an account object and then pass the object through the pipeline to the Set-ADAccountControl cmdlet. Similarly, you can use Get-ADUser, Get-ADComputer or Get-ADServiceAccount cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet.</maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para><maml:para></maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADAccountControl</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Indicates whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory UAC attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Indicates whether an account can change its password. To disallow password change by the account set this to $True. This parameter changes the Boolean value of the CannotChangePassword property of an account.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DoesNotRequirePreAuth</maml:name><maml:description><maml:para>Indicates whether Kerberos pre-authentication is required to logon using the user or computer account. This parameter sets the ADS_UF_DONT_REQUIRE_PREAUTH flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory UAC attribute.The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomedirRequired</maml:name><maml:description><maml:para>Indicates whether a home directory is required for the account. This parameter sets the ADS_UF_HOMEDIR_REQUIRED flag of the Active Directory UAC attribute.The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MNSLogonAccount</maml:name><maml:description><maml:para>Indicates whether the account is a Majority Node Set (MNS) logon account. This parameter also sets the ADS_UF_MNS_LOGON_ACCOUNT flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para><maml:para>You can use MNS logon accounts to configure a multi-node cluster without using a shared disk drive.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Indicates whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Indicates whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedToAuthForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is enabled for delegation. When this parameter is set to true, a service running under such an account can impersonate a client on other remote servers on the network. This parameter sets the ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UseDESKeyOnly</maml:name><maml:description><maml:para>Indicates whether an account is restricted to use only Data Encryption Standard (DES) encryption types for keys. This parameter sets the ADS_UF_USE_DES_KEY_ONLY flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Indicates whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory UAC attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Indicates whether an account can change its password. To disallow password change by the account set this to $True. This parameter changes the Boolean value of the CannotChangePassword property of an account.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DoesNotRequirePreAuth</maml:name><maml:description><maml:para>Indicates whether Kerberos pre-authentication is required to logon using the user or computer account. This parameter sets the ADS_UF_DONT_REQUIRE_PREAUTH flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory UAC attribute.The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomedirRequired</maml:name><maml:description><maml:para>Indicates whether a home directory is required for the account. This parameter sets the ADS_UF_HOMEDIR_REQUIRED flag of the Active Directory UAC attribute.The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MNSLogonAccount</maml:name><maml:description><maml:para>Indicates whether the account is a Majority Node Set (MNS) logon account. This parameter also sets the ADS_UF_MNS_LOGON_ACCOUNT flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para><maml:para>You can use MNS logon accounts to configure a multi-node cluster without using a shared disk drive.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Indicates whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Indicates whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedToAuthForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is enabled for delegation. When this parameter is set to true, a service running under such an account can impersonate a client on other remote servers on the network. This parameter sets the ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UseDESKeyOnly</maml:name><maml:description><maml:para>Indicates whether an account is restricted to use only Data Encryption Standard (DES) encryption types for keys. This parameter sets the ADS_UF_USE_DES_KEY_ONLY flag of the Active Directory UAC attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when connected to Global Catalog port. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity JimmyBi -PasswordNotRequired $False </dev:code><dev:remarks><maml:para>This command sets the flag on userAccountControl to make sure that a password is required for logon. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity 'CN=Jimmy Bischoff,OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -CannotChangePassword $True </dev:code><dev:remarks><maml:para>This command sets the security descriptor of the user to make sure they cannot change their own password. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity SQLAdmin1 -AccountNotDelegated $True </dev:code><dev:remarks><maml:para>This command sets the flag on userAccountControl to make sure that the account cannot be delegated. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity 'CN=IIS01 SvcAccount,OU=ServiceAccounts,OU=Managed,DC=FABRIKAM,DC=COM' -TrustedToAuthForDelegation $True </dev:code><dev:remarks><maml:para>This command sets the flag on userAccountControl to make sure that the account is now trusted to authenticate for delegation. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity "FABRIKAM-SRV1" -TrustedForDelegation $True </dev:code><dev:remarks><maml:para>This command sets specified computer to be trusted for delegation.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity DickBe -PasswordNeverExpires $True </dev:code><dev:remarks><maml:para>This command sets the password of the user to never expire.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountControl -Identity 'CN=Dick Beekman,OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -HomedirRequired $True </dev:code><dev:remarks><maml:para>This command sets the user account to require a Home Directory.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291106</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADAccountExpiration</command:name><maml:description><maml:para>Sets the expiration date for an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADAccountExpiration</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADAccountExpiration cmdlet sets the expiration time for a user, computer or service account. To specify an exact time, use the DateTime parameter. To specify a time period from the current time, use the TimeSpan parameter.</maml:para><maml:para>The Identity parameter specifies the Active Directory account to modify.</maml:para><maml:para>You can identify an account by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localADAccountObject>, or you can pass an account object through the pipeline to the Identity parameter. For example, you can use the Search-ADAccount cmdlet to retrieve an account object and then pass the object through the pipeline to the Set-ADAccountExpiration cmdlet. Similarly, you can use Get-ADUser, Get-ADComputer, or Get-ADServiceAccount cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADAccountExpiration</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>DateTime</maml:name><maml:description><maml:para>Species the expiration time for the account by using a DateTime value. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimeSpan</maml:name><maml:description><maml:para>Specifies a time interval that begins at the current time. The account expires at the end of the time interval.</maml:para><maml:para>Specify the time interval in the following format. </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: </maml:para><maml:para>-10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>DateTime</maml:name><maml:description><maml:para>Species the expiration time for the account by using a DateTime value. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimeSpan</maml:name><maml:description><maml:para>Specifies a time interval that begins at the current time. The account expires at the end of the time interval.</maml:para><maml:para>Specify the time interval in the following format. </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: </maml:para><maml:para>-10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter.</maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountExpiration -Identity KarenBe -DateTime "10/18/2008" </dev:code><dev:remarks><maml:para>This command sets the account with SamAccountName KarenBe to expire on the 18th of October, 2008.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroupMember -Identity BO1Accounts | where {$_.objectClass -eq "user"} | Set-ADAccountExpiration -TimeSpan 60.0:0 </dev:code><dev:remarks><maml:para>This command sets the expiration date of all the user accounts who are a member of the group BO1Accounts to 60 days from now.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291107</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADAccountPassword</command:name><maml:description><maml:para>Modifies the password of an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADAccountPassword</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADAccountPassword cmdlet sets the password for a user, computer or service account. </maml:para><maml:para>The Identity parameter specifies the Active Directory account to modify.</maml:para><maml:para>You can identify an account by its distinguished name (DN), GUID, security identifier (SID) or security accounts manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localADAccountObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Search-ADAccount cmdlet to retrieve an account object and then pass the object through the pipeline to the Set-ADAccountPassword cmdlet. Similarly, you can use Get-ADUser, Get-ADComputer, or Get-ADServiceAccount, for standalone MSAs, cmdlets to retrieve account objects that you can pass through the pipeline to this cmdlet.</maml:para><maml:para>Note: Group MSAs cannot set password since they are changed at predetermined intervals.</maml:para><maml:para>You must set the OldPassword and the NewPassword parameters to set the password unless you specify the Reset parameter. When you specify the Reset parameter, the password is set to the NewPassword value that you provide and the OldPassword parameter is not required.</maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADAccountPassword</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>NewPassword</maml:name><maml:description><maml:para>Specifies a new password value. This value is stored as an encrypted string. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OldPassword</maml:name><maml:description><maml:para>Specifies the most recent password value. This value is processed as an encrypted string. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Reset</maml:name><maml:description><maml:para>Specifies to reset the password on an account. When you use this parameter, you must set the NewPassword parameter. You do not need to specify the OldPassword parameter. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>NewPassword</maml:name><maml:description><maml:para>Specifies a new password value. This value is stored as an encrypted string. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OldPassword</maml:name><maml:description><maml:para>Specifies the most recent password value. This value is processed as an encrypted string. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Reset</maml:name><maml:description><maml:para>Specifies to reset the password on an account. When you use this parameter, you must set the NewPassword parameter. You do not need to specify the OldPassword parameter. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. This cmdlet does not work when connected to Global Catalog port.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountPassword -Identity 'CN=Jeremy Los,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) </dev:code><dev:remarks><maml:para>This command sets the password of the user account with DistinguishedName CN=Jeremy Los,OU=Accounts,DC=Fabrikam,DC=com to p@ssw0rd. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountPassword -Identity tmakovec -OldPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -NewPassword (ConvertTo-SecureString -AsPlainText "qwert@12345" -Force) </dev:code><dev:remarks><maml:para>This command sets the password of the user account with SamAccountName tmakovec to qwert@12345. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountPassword -Identity saradavi Please enter the current password for 'CN=Sara Davis,CN=Users,DC=Fabrikam,DC=com' Password:********** Please enter the desired password for 'CN=Sara Davis,CN=Users,DC=Fabrikam,DC=com' Password:*********** Repeat Password:*********** </dev:code><dev:remarks><maml:para>This command sets the password of the user account with DistinguishedName CN=Sara Davis,CN=Users,DC=Fabrikam,DC=com. The cmdlet prompts you for old and new passwords. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$newPassword = (Read-Host -Prompt "Provide New Password" -AsSecureString) PS C:\> Set-ADAccountPassword -Identity mollyd -NewPassword $newPassword -Reset Provide New Password: ********** </dev:code><dev:remarks><maml:para>This example prompts the user for a new password that is stored in a temporary variable named $newPassword, then uses it to reset the password for the user account with SamAccountName mollyd. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAccountPassword -Identity "CN=Molly Dempsey,OU=AccountDeptOU,DC=AppNC" -Server "dsp13a24:60000" Please enter the current password for 'CN=mollyd,OU=AccountDeptOU,DC=AppNC' Password:********** Please enter the desired password for 'CN=mollyd,OU=AccountDeptOU,DC=AppNC' Password:********** Repeat Password:********** </dev:code><dev:remarks><maml:para>This command sets the password of the user account with DistinguishedName CN=mollyd,OU=AccountDeptOU,DC=AppNC in the AD LDS instance dsp13a24:60000. The cmdlet prompts you for old and new passwords. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291108</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADAuthenticationPolicy</command:name><maml:description><maml:para>Modifies an Active Directory Domain Services authentication policy object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADAuthenticationPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADAuthenticationPolicy cmdlet modifies the properties of an Active Directory® Domain Services authentication policy. Commonly used attributes of the object can be specified by the parameters of this cmdlet. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove parameters.</maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy to modify. You can specify an authentication policy object by using a distinguished name (DN), a GUID, or a name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter. To get an authentication policy object, use the Get-ADAuthenticationPolicy cmdlet. </maml:para><maml:para>Use the Instance parameter to specify an authentication policy object to use as a template for the object being modified. Do not specify both the Instance parameter and the Identity parameter. </maml:para><maml:para>For more information about how the Instance concept is used in Active Directory Domain Services cmdlets, see about_ActiveDirectory_Instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADAuthenticationPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies a list of values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a parameter. To identify an attribute, specify the LDAP Display Name defined for it in the Active Directory Domain Services schema. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that are cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a parameter. To modify an object property, you must specify the LDAP display name. You can modify more than one property by specifying a comma-separated list. </maml:para><maml:para>When specifying the Add, Remove, Replace, and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the security descriptor definition language (SDDL) string of the security descriptor used to determine if the computer can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable ticket granting tickets (TGTs) for computer accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as "User01" or "Domain01\User01", or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is "description".</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates whether the authentication policy is enforced. Specify $True to set the authentication policy to enforced. Specify $False to set the authentication policy to not enforced.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove the values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies a list of values for an object property that replaces the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the service can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the service can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for service accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the users can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the users can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for user accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADAuthenticationPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as "User01" or "Domain01\User01", or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an ADAuthenticationPolicy object to use to update the actual ADAuthenticationPolicy object. When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding ADAuthenticationPolicy object. The cmdlet only updates the object properties that have changed. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para><maml:para>To get the ADAuthenticationPolicy object to use to update the ADAuthenticationPolicy on which the cmdlet runs, use the Get-ADAuthenticationPolicy cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies a list of values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a parameter. To identify an attribute, specify the LDAP Display Name defined for it in the Active Directory Domain Services schema. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that are cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a parameter. To modify an object property, you must specify the LDAP display name. You can modify more than one property by specifying a comma-separated list. </maml:para><maml:para>When specifying the Add, Remove, Replace, and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the security descriptor definition language (SDDL) string of the security descriptor used to determine if the computer can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable ticket granting tickets (TGTs) for computer accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as "User01" or "Domain01\User01", or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is "description".</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates whether the authentication policy is enforced. Specify $True to set the authentication policy to enforced. Specify $False to set the authentication policy to not enforced.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an ADAuthenticationPolicy object to use to update the actual ADAuthenticationPolicy object. When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding ADAuthenticationPolicy object. The cmdlet only updates the object properties that have changed. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para><maml:para>To get the ADAuthenticationPolicy object to use to update the ADAuthenticationPolicy on which the cmdlet runs, use the Get-ADAuthenticationPolicy cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove the values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies a list of values for an object property that replaces the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the service can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the service can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for service accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserAllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Specifies an access control expression used to determine from which devices the users can authenticate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserAllowedToAuthenticateTo</maml:name><maml:description><maml:para>Specifies the SDDL string of the security descriptor used to determine if the users can authenticate to this account. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserTGTLifetimeMins</maml:name><maml:description><maml:para>Specifies the lifetime in minutes for non-renewable TGTs for user accounts. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an authentication policy object. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more objects.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Modify properties of a specified authentication policy</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy01 -Description "testDescription" -UserTGTLifetimeMins 45 </dev:code><dev:remarks><maml:para>This command modifies the description and the UserTGTLifetimeMins properties of the specified authentication policy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Modify properties of an authentication policy by using an Instance</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $authPolicy = Get-ADAuthenticationPolicy -Identity AuthenticationPolicy02 PS C:\> $authPolicy.Description = 'testDescription' PS C:\> $authPolicy.UserTGTLifetimeMins = 60 PS C:\> Set-ADAuthenticationPolicy -Instance $authPolicy </dev:code><dev:remarks><maml:para>This example first gets the authentication policy named AuthenticationPolicy02 by using the Get-ADAuthenticationPolicy cmdlet. The authentication policy object is stored in the variable named $authPolicy. </maml:para><maml:para>The next commands modify the properties of the object in the variable, and the final command specifies the Instance parameter to commit the changes to the authentication policy stored in the $authPolicy variable. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Modify multiple authentication policies </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-ADAuthenticationPolicy -Filter 'UserTGTLifetimeMins -le 50' | Set-ADAuthenticationPolicy -UserTGTLifetimeMins 60 </dev:code><dev:remarks><maml:para>This command uses the Get-ADAuthenticationPolicy cmdlet with the Filter parameter to get all authentication policies that have the UserTGTLifetimeMins value set below 50 minutes. The pipeline operator then passes the result of the filter to Set-AdAuthenticationPolicy, which sets the new UserTGTLifetimeMins value to 60 minutes.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 4: Replace an existing property value </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy03 -Replace @{description="New Description"} </dev:code><dev:remarks><maml:para>This command replaces the existing description property for AuthenticationPolicy03 with the new description specified by the Replace parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=313377</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADAuthenticationPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADAuthenticationPolicySilo</command:name><maml:description><maml:para>Modifies an Active Directory Domain Services authentication policy silo object. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADAuthenticationPolicySilo</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADAuthenticationPolicySilo cmdlet modifies the properties of an Active Directory® Domain Services authentication policy silo. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory Domain Services authentication policy to modify. You can specify an authentication policy object by using a distinguished name (DN), a GUID, or a name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter. To get an authentication policy object, use the Get-ADAuthenticationPolicy cmdlet. </maml:para><maml:para>Use the Instance parameter to specify an authentication policy object to use as a template for the object being modified. Do not specify both the Instance parameter and the Identity parameter. </maml:para><maml:para>For more information about how the Instance concept is used in Active Directory Domain Services cmdlets, type Get-Help about_ActiveDirectory_Instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADAuthenticationPolicySilo</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies a list of values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a parameter. To identify an attribute, specify the LDAP Display Name defined for it in the Active Directory Domain Services schema. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that are cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a parameter. To modify an object property, you must specify the LDAP display name. You can modify more than one property by specifying a comma-separated list. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to computer accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates whether the authentication policy is enforced. Specify $True to set the authentication policy to enforced. Specify $False to set the authentication policy to not enforced.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove the values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies a list of values for an object property that replaces the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to managed service accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to user accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADAuthenticationPolicySilo</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an ADAuthenticationPolicySilo object to use to update the actual ADAuthenticationPolicySilo object. When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding ADAuthenticationPolicySilo object. The cmdlet only updates the object properties that have changed. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para><maml:para>To get the ADAuthenticationPolicySilo object to use to update the ADAuthenticationPolicySilo on which the cmdlet runs, use the Get-ADAuthenticationPolicySilo cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies a list of values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a parameter. To identify an attribute, specify the LDAP Display Name defined for it in the Active Directory Domain Services schema. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that are cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a parameter. To modify an object property, you must specify the LDAP display name. You can modify more than one property by specifying a comma-separated list. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to computer accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description for the object. This parameter sets the value of the description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enforce</maml:name><maml:description><maml:para>Indicates whether the authentication policy is enforced. Specify $True to set the authentication policy to enforced. Specify $False to set the authentication policy to not enforced.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an ADAuthenticationPolicySilo object to use to update the actual ADAuthenticationPolicySilo object. When you specify this parameter, any modifications made to the modified copy of the object are also made to the corresponding ADAuthenticationPolicySilo object. The cmdlet only updates the object properties that have changed. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para><maml:para>To get the ADAuthenticationPolicySilo object to use to update the ADAuthenticationPolicySilo on which the cmdlet runs, use the Get-ADAuthenticationPolicySilo cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Indicates whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove the values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies a list of values for an object property that replaces the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must specify the LDAP display name. </maml:para><maml:para>Specify the attribute and the value of the attribute in the following format: @{'AttributeLDAPDisplayName'=value}. </maml:para><maml:para>To specify multiple values for an attribute, specify a comma separated list the values for the display name. You can specify values for more than one attribute by using semicolons to separate attribute value pairs. </maml:para><maml:para>When specifying the Add, Remove, Replace and Clear parameters together, the operations are performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServiceAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to managed service accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserAuthenticationPolicy</maml:name><maml:description><maml:para>Specifies the authentication policy that applies to user accounts.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts an account object.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns one or more objects.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Modify an authentication policy silo</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAuthenticationPolicySilo -Name AuthenticationPolicySilo01 -UserAuthenticationPolicy ‘AuthenticationPolicy1’ </dev:code><dev:remarks><maml:para>This command modifies the user authentication policy for the authentication policy silo named AuthenticationPolicySilo01.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Modify multiple properties of an authentication policy silo</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$authPolicySilo = Get-ADAuthenticationPolicySilo -Identity AuthenticationPolicySilo02 PS C:\> $authPolicySilo.Description = 'testDescription' PS C:\> $authPolicySilo.Enforce = $False PS C:\> Set-ADAuthenticationPolicySilo -Instance $authPolicySilo </dev:code><dev:remarks><maml:para>This example first gets an authentication policy silo object and stores it in the variable named $authPolicySilo. Properties of the authentication policy silo are then modified, and finally the contents of the variable are written to the authentication policy silo by using the Instance parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Modify multiple authentication policy silo objects by filtering</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADAuthenticationPolicySilo -Filter 'UserAuthenticationPolicy -eq "AuthenticationPolicy01"' | Set-ADAuthenticationPolicySilo -UserAuthenticationPolicy AuthenticationPolicy02 </dev:code><dev:remarks><maml:para>This example first gets all authentication policy silos that match the filter specified by the Filter parameter for Get-ADAuthenticationPolicySilo. The results of the filter are then passed to Set-ADAuthenticationPolicySilo by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 4: Replace a value in an authentication policy silo object</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADAuthenticationPolicySilo -Name AuthenticationPolicySilo03 -Replace @{description="New Description"} </dev:code><dev:remarks><maml:para>This command replaces the description for the authentication policy silo object named AuthenticationPolicySilo03.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=298364</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADAuthenticationPolicySilo</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADCentralAccessPolicy</command:name><maml:description><maml:para>Modifies a central access policy in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADCentralAccessPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADCentralAccessPolicy cmdlet can be used to modify a central access policy in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADCentralAccessPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADCentralAccessPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a central access policy object to use to update the actual central access policy object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding central access policy object. The cmdlet only updates the object properties that have changed.</maml:para><maml:para>The Instance parameter can only update central access policy objects that have been retrieved by using the Get-ADCentralAccessPolicy cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a central access policy object to use to update the actual central access policy object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding central access policy object. The cmdlet only updates the object properties that have changed.</maml:para><maml:para>The Instance parameter can only update central access policy objects that have been retrieved by using the Get-ADCentralAccessPolicy cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessPolicy</command:parameterValue><dev:type><maml:name>ADCentralAccessPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A ADCentralAccessPolicy object is received by the Identity parameter.</maml:para><maml:para>A ADCentralAccessPolicy object that was retrieved by using the Get-ADCentralAccessPolicy cmdlet and then modified is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified ADCentralAccessPolicy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADCentralAccessPolicy "Finance Policy" -Description "For the Finance Department." </dev:code><dev:remarks><maml:para>This command updates the central access policy named Finance Policy to include the description For the Finance Department. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessPolicy "Finance Policy" | Set-ADCentralAccessPolicy -Description "For the Finance Department." </dev:code><dev:remarks><maml:para>This command gets the central access policy named Finance Policy, and then sets its description to For the Finance Department.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291109</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADCentralAccessRule</command:name><maml:description><maml:para>Modifies a central access rule in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADCentralAccessRule</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADCentralAccessRule cmdlet can be used to modify a central access rule in a central access policy that is stored in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADCentralAccessRule</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CurrentAcl</maml:name><maml:description><maml:para>Specifies the currently effective access control list (ACL) of the rule. The current ACL grants access to target resources once the central access policy containing this rule is published.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProposedAcl</maml:name><maml:description><maml:para>Specifies the proposed ACL of the central access rule. The proposed ACL allows an administrator to audit the results of access requests to target resources specified in the resource condition without affecting the current system. To view the logs, go to Event Viewer or other audit tools to view the logs. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResourceCondition</maml:name><maml:description><maml:para>Specifies the resource condition of the central access rule. The resource condition specifies a list of criteria to scope the resources.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADCentralAccessRule</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an central access rule object to use to update the actual central access rule object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding central access rule object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update central access rule objects that have been retrieved by using the Get-ADCentralAccessRule cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CurrentAcl</maml:name><maml:description><maml:para>Specifies the currently effective access control list (ACL) of the rule. The current ACL grants access to target resources once the central access policy containing this rule is published.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue><dev:type><maml:name>ADCentralAccessRule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an central access rule object to use to update the actual central access rule object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding central access rule object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update central access rule objects that have been retrieved by using the Get-ADCentralAccessRule cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADCentralAccessRule</command:parameterValue><dev:type><maml:name>ADCentralAccessRule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProposedAcl</maml:name><maml:description><maml:para>Specifies the proposed ACL of the central access rule. The proposed ACL allows an administrator to audit the results of access requests to target resources specified in the resource condition without affecting the current system. To view the logs, go to Event Viewer or other audit tools to view the logs. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ResourceCondition</maml:name><maml:description><maml:para>Specifies the resource condition of the central access rule. The resource condition specifies a list of criteria to scope the resources.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An ADCentralAccessPolicyEntry object is received by the Identity parameter. </maml:para><maml:para>An ADCentralAccessPolicyEntry object that was retrieved by using the Get-ADCentralAccessPolicyEntry cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADCentralAccessPolicyEntry</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified ADCentralAccessPolicyEntry object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$departmentResourceProperty = Get-ADResourceProperty -Identity Department PS C:\> $resourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})" PS C:\> Set-ADCentralAccessRule -Identity "Finance Documents Rule" -ResourceCondition $resourceCondition </dev:code><dev:remarks><maml:para>This example sets the central access rule named Finance Documents Rule with a new resource condition. The resource condition scopes the resources to ones containing the value Finance in their Department resource property. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$countryClaimType = Get-ADClaimType -Identity Country PS C:\> $departmentClaimType = Get-ADClaimType -Identity Department PS C:\> $countryResourceProperty = Get-ADResourceProperty -Identity Country PS C:\> $departmentResourceProperty = Get-ADResourceProperty -Identity Department PS C:\> $financeException = Get-ADGroup -Identity FinanceException PS C:\> $financeAdmin = Get-ADGroup -Identity FinanceAdmin PS C:\> $resourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})" PS C:\> $currentAcl = "O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;0x1200a9;;;" + $financeException.SID.Value + ")(A;;0x1301bf;;;" + $financeAdmin.SID.Value + ")(A;;FA;;;SY)(XA;;0x1200a9;;;AU;((@USER." + $countryClaimType.Name + " Any_of @RESOURCE." + $countryResourceProperty.Name + ") && (@USER." + $departmentClaimType.Name + " Any_of @RESOURCE." + $departmentResourceProperty.Name + ")))" PS C:\> Set-ADCentralAccessRule -Identity "Finance Documents Rule" -ResourceCondition $resourceCondition -CurrentAcl $currentAcl </dev:code><dev:remarks><maml:para>This example sets the central access rule named Finance Documents Rule with a new resource condition and new permissions.</maml:para><maml:para>The new rule specifies that documents should only be read by members of the Finance department. Members of the Finance department should only be able to access documents in their own country. Only Finance Administrators should have write access. The rule allows an exception for members of the FinanceException group. This group will have read access. </maml:para><maml:para>Targeting: -- Resource.Department Contains Finance -- Allow Full control User.MemberOf(FinanceAdmin)</maml:para><maml:para>Access rules: -- Allow Read User.Country=Resource.Country AND User.department = Resource.Department -- Allow Full control User.MemberOf(FinanceAdmin) -- Allow Read User.Country=Resource.Country AND User.department = Resource.Department -- Allow Read User.MemberOf(FinanceException)</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADCentralAccessRule -Identity "Finance Documents Rule" | Set-ADCentralAccessRule -Description "For finance documents." </dev:code><dev:remarks><maml:para>This command gets the central access rule named Finance Documents Rule, and set the description to For finance documents. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291110</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADCentralAccessRule</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADClaimTransformLink</command:name><maml:description><maml:para>Applies a claims transformation to one or more cross-forest trust relationships in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADClaimTransformLink</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADClaimTransformLink cmdlet can be used to apply a claims transformation to one or more cross-forest trust relationships in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADClaimTransformLink</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrust</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Policy</maml:name><maml:description><maml:para>Specifies the claims transformation policy to apply to the cross-forest trust relationship. This parameter does not receive pipeline input.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustRole</maml:name><maml:description><maml:para>Specifies a trust role, as an enumeration of the link types. Used to specify which links on the trust relationships should the claims transformation apply to. The acceptable values for this parameter are: -- Trusted -- Trusting </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Trusted</command:parameterValue><command:parameterValue required="true" variableLength="false">Trusting</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrust</command:parameterValue><dev:type><maml:name>ADTrust</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Policy</maml:name><maml:description><maml:para>Specifies the claims transformation policy to apply to the cross-forest trust relationship. This parameter does not receive pipeline input.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustRole</maml:name><maml:description><maml:para>Specifies a trust role, as an enumeration of the link types. Used to specify which links on the trust relationships should the claims transformation apply to. The acceptable values for this parameter are: -- Trusted -- Trusting </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADTrustRole</command:parameterValue><dev:type><maml:name>ADTrustRole</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADTrust</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A trust object is received by the Identity parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADTrust</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimTransformPolicy -Identity DenyAllPolicy -DenyAll PS C:\> Set-ADClaimTransformLink "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusted PS C:\> Set-ADClaimTransformLink "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusting </dev:code><dev:remarks><maml:para>This example applies the claims transformation policy DenyAllPolicy to the trust corp.contoso.com. The rule is applied to where this domain acts as both the trusted and trusting domain in the trust. Effectively, the rule is applied to both claims coming in to this domain from its trust partner, and claims flowing out of this domain towards its trust partner.</maml:para><maml:para>Since the specified transformation rule denies all claims to be sent or received, this domain will now deny all claims from being sent to or received from the other domain, the trust partner. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimTransformPolicy -Identity AllowAllExceptCompanyAndDepartmentPolicy -AllowAllExcept Company,Department PS C:\> Get-ADTrust "corp.contoso.com" | Set-ADClaimTransformLink -Policy AllowAllExceptCompanyAndDepartmentPolicy -TrustRole Trusted </dev:code><dev:remarks><maml:para>This example applies the claims transformation policy AllowAllExceptCompanyAndDepartmentPolicy to the trust corp.contoso.com. The rule is applied to where this domain acts as the trusted domain in the trust. Effectively, the rule is applied to claims flowing out of this domain towards its trust partner.</maml:para><maml:para>Since the specified transformation rule allows all claims to be sent or received except Company and Department, this domain will now allow all claims except the two from being sent to the other domain, the trust partner. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADClaimTransformPolicy -Identity HumanResourcesToHrPolicy -Rule 'C1:[Type=="ad://ext/Department:88ce6e1cc00e9524", Value=="Human Resources", ValueType=="string"] => issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);'; PS C:\> Set-ADClaimTransformLink -Identity "corp.contoso.com" -Policy HumanResourcesToHrPolicy -TrustRole Trusting </dev:code><dev:remarks><maml:para>This command applies the claims transformation policy HumanResourcesToHrPolicy to the trust corp.contoso.com. The rule is applied to where this domain acts as the trusting domain in the trust. Effectively, the rule is applied to claims coming in to this domain from its trust partner.</maml:para><maml:para>Since the specified transformation rule transforms the value Human Resources into HR in the claim ad://ext/Department:88ce6e1cc00e9524, this domain will now transform the claim value received from the other domain, the trust partner, from Human Resources to HR. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291111</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADClaimTransformPolicy</command:name><maml:description><maml:para>Sets the properties of a claims transformation policy in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADClaimTransformPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADClaimTransformPolicy cmdlet can be used to set the properties of a claims transformation policy in Active Directory. A claims transformation policy object contains a set of rules authored in the transformation rule language.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies one of the following as valid identities for the ADClaimTransformPolicy object: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the policy sets a claims transformation rule that allows all claims to be sent or received except for the specified claim types.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies one of the following as valid identities for the ADClaimTransformPolicy object: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DenyAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the claims transformation policy sets a claims transformation rule that denies all claims to be sent or received except for the specified claim types.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies one of the following as valid identities for the ADClaimTransformPolicy object: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DenyAll</maml:name><maml:description><maml:para>Indicates that the policy sets a claims transformation rule that denies all claims to be sent or received. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies one of the following as valid identities for the ADClaimTransformPolicy object: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Rule</maml:name><maml:description><maml:para>Specifies the claims transformation rule. To specify the rule, you can either type the rule in a text file, and then pass the file to the cmdlet (recommended), or type the rule inline. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimTransformPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies one of the following as valid identities for the ADClaimTransformPolicy object: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowAll</maml:name><maml:description><maml:para>Indicates whether the policy sets a claims transformation rule that allows all claims to be sent or received. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimTransformPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new claims transformation policy object. </maml:para><maml:para>You can use an instance of an existing claims transformation policy object as a template or you can construct a new claims transformation policy object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claims transformation policy object as a template for a new object. To retrieve an instance of an existing claims transformation policy object, use a cmdlet such as Get-ADClaimTransformPolicy. Then provide this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create a new claims transformation policy object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADClaimTransformPolicy and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create the new Active Directory object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowAll</maml:name><maml:description><maml:para>Indicates whether the policy sets a claims transformation rule that allows all claims to be sent or received. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the policy sets a claims transformation rule that allows all claims to be sent or received except for the specified claim types.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue><dev:type><maml:name>ADClaimType[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01" or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DenyAll</maml:name><maml:description><maml:para>Indicates that the policy sets a claims transformation rule that denies all claims to be sent or received. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DenyAllExcept</maml:name><maml:description><maml:para>Specifies an array of claim types. When this parameter is specified, the claims transformation policy sets a claims transformation rule that denies all claims to be sent or received except for the specified claim types.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADClaimType[]</command:parameterValue><dev:type><maml:name>ADClaimType[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies one of the following as valid identities for the ADClaimTransformPolicy object: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new claims transformation policy object. </maml:para><maml:para>You can use an instance of an existing claims transformation policy object as a template or you can construct a new claims transformation policy object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claims transformation policy object as a template for a new object. To retrieve an instance of an existing claims transformation policy object, use a cmdlet such as Get-ADClaimTransformPolicy. Then provide this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create a new claims transformation policy object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new ADClaimTransformPolicy and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimTransformPolicy cmdlet to create the new Active Directory object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimTransformPolicy</command:parameterValue><dev:type><maml:name>ADClaimTransformPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Rule</maml:name><maml:description><maml:para>Specifies the claims transformation rule. To specify the rule, you can either type the rule in a text file, and then pass the file to the cmdlet (recommended), or type the rule inline. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A claim transform policy object is received by the Identity parameter. </maml:para><maml:para>A claim transform policy object that was retrieved by using the Get-ADClaimTransformPolicy cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified claim transform policy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADClaimTransformPolicy -Identity DenyAllPolicy -DenyAll </dev:code><dev:remarks><maml:para>This command sets the transformation rule on the claims transformation policy named DenyAllPolicy to deny all claims, both those that are sent as well as those that are received.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADClaimTransformPolicy -Identity AllowAllExceptCompanyAndDepartmentPolicy -AllowAllExcept Company,Department </dev:code><dev:remarks><maml:para>This command sets the transformation rule on the claims transformation policy named AllowAllExceptCompanyAndDepartmentPolicy to allow all claims to be sent or received except for the claims Company and Department. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADClaimTransformPolicy -Identity HumanResourcesToHrPolicy -Rule 'C1:[Type=="ad://ext/Department:88ce6e1cc00e9524", Value=="Human Resources", ValueType=="string"] => issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);' </dev:code><dev:remarks><maml:para>This command sets the transformation rule on the claims transformation policy named HumanResourcesToHrPolicy to transform the value Human Resources to HR in the claim ad://ext/Department:88ce6e1cc00e9524. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$rule = Get-Content -Path C:\rule.txt PS C:\> Set-ADClaimTransformPolicy MyRule -Rule $rule </dev:code><dev:remarks><maml:para>This command sets the transformation rule on the claims transformation policy named MyRule with the rule specified in C:\rule.txt. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291112</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADClaimType</command:name><maml:description><maml:para>Modify a claim type in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADClaimType</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADClaimType cmdlet can be used to modify a claim type in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>Specifies the names, GUIDs or DNs of the schema classes to which this claim type is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type. The display name of the claim type must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if the claim type is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to $True, then the claim should only have values specified in the SuggestedValues parameter. Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SourceTransformPolicy</maml:name><maml:description><maml:para>Indicates that the claim type is sourced from the claims transformation policy engine.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>Specifies the names, GUIDs or DNs of the schema classes to which this claim type is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type. The display name of the claim type must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if the claim type is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to $True, then the claim should only have values specified in the SuggestedValues parameter. Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SourceAttribute</maml:name><maml:description><maml:para>Specifies an Active Directory attribute from which this claim type is based, and from which the claim value is obtained. The input must be the distinguished name (DN), Name, or GUID of the attribute definition in the schema.</maml:para><maml:para>Acceptable values include attributes of the following schema class objects: User, InetOrgPerson, Computer, ManagedServiceAccount, GroupManagedServiceAccount, and Auxiliary, except for the following attributes: -- Attributes marked as defunct in the schema- Blocked attributes such as dBCSPwd, lmPwdHistory, and unicodePwd -- Attributes that are not replicated -- Attributes that are not available on read-only domain controllers -- Attributes with syntaxes not based on the following: ---- String Object (DS-DN) ---- String (Unicode) ---- Boolean ---- Integer ---- Large Integer ---- String (OID) ---- String (SD)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>Specifies the names, GUIDs or DNs of the schema classes to which this claim type is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type. The display name of the claim type must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if the claim type is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to $True, then the claim should only have values specified in the SuggestedValues parameter. Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SourceOID</maml:name><maml:description><maml:para>Specifies a string to use to configure a certificate-based claim type source. For example, use this parameter to create certificate-based claim types when you want to use smartcard logon claims for authorization decisions. This parameter uses the string representation of an object identifier (OID) from the issuance policy found in the certificate and on the certificate template when using Active Directory Certificate Services. An example of an OID is 1.3.6.1.4.1.311.47.2.5.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimType</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>Specifies the names, GUIDs or DNs of the schema classes to which this claim type is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type. The display name of the claim type must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if the claim type is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to $True, then the claim should only have values specified in the SuggestedValues parameter. Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADClaimType</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a claim type object to use as a template for a new claim type object.</maml:para><maml:para>You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claim type object as a template for a new object. To retrieve an instance of an existing claim type object, use a cmdlet such as Get-ADClaimType. Then provide this object to the Instance parameter of the New-ADClaimType cmdlet to create a new claim type object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimType cmdlet to create the new claim type object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToClasses</maml:name><maml:description><maml:para>Specifies the names, GUIDs or DNs of the schema classes to which this claim type is applied. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.</maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the claim type. The display name of the claim type must be unique. The display name of a claim type can be used as an identity in other Active Directory cmdlets. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if the claim type is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a claim type object to use as a template for a new claim type object.</maml:para><maml:para>You can use an instance of an existing claim type object as a template or you can construct a new claim type object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing claim type object as a template for a new object. To retrieve an instance of an existing claim type object, use a cmdlet such as Get-ADClaimType. Then provide this object to the Instance parameter of the New-ADClaimType cmdlet to create a new claim type object. You can override property values of the new object by setting the appropriate parameters.</maml:para><maml:para>Method 2: Create a new claim type and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADClaimType cmdlet to create the new claim type object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RestrictValues</maml:name><maml:description><maml:para>This parameter is used to specify whether the claim type may have values outside of the SuggestedValues parameter. If this is set to $True, then the claim should only have values specified in the SuggestedValues parameter. Note that Active Directory does not enforce this restriction. It is up to the applications that use these claims to enforce the restriction.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SourceAttribute</maml:name><maml:description><maml:para>Specifies an Active Directory attribute from which this claim type is based, and from which the claim value is obtained. The input must be the distinguished name (DN), Name, or GUID of the attribute definition in the schema.</maml:para><maml:para>Acceptable values include attributes of the following schema class objects: User, InetOrgPerson, Computer, ManagedServiceAccount, GroupManagedServiceAccount, and Auxiliary, except for the following attributes: -- Attributes marked as defunct in the schema- Blocked attributes such as dBCSPwd, lmPwdHistory, and unicodePwd -- Attributes that are not replicated -- Attributes that are not available on read-only domain controllers -- Attributes with syntaxes not based on the following: ---- String Object (DS-DN) ---- String (Unicode) ---- Boolean ---- Integer ---- Large Integer ---- String (OID) ---- String (SD)</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SourceOID</maml:name><maml:description><maml:para>Specifies a string to use to configure a certificate-based claim type source. For example, use this parameter to create certificate-based claim types when you want to use smartcard logon claims for authorization decisions. This parameter uses the string representation of an object identifier (OID) from the issuance policy found in the certificate and on the certificate template when using Active Directory Certificate Services. An example of an OID is 1.3.6.1.4.1.311.47.2.5.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SourceTransformPolicy</maml:name><maml:description><maml:para>Indicates that the claim type is sourced from the claims transformation policy engine.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the claim type. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue><dev:type><maml:name>ADSuggestedValueEntry[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimType</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADClaimType -Identity Title -SourceAttribute "title" </dev:code><dev:remarks><maml:para>This command sets the user claim type with display name Title to source from the Active Directory attribute title.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$fullTime = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("FTE", "Full-Time", "Full-time employee") PS C:\> $intern = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Intern", "Intern", "Student employee") PS C:\> $contractor = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("Contractor", "Contractor", "Contract employee") PS C:\> Set-ADClaimType -Identity "Employee Type" -SuggestedValues $fullTime,$intern,$contractor </dev:code><dev:remarks><maml:para>This example sets the suggested values of the user claim type with display name Employee Type to FTE, Intern, and Contractor. Applications using this claim type would allow their users to specify one of the suggested values as this claim type's value.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADclaimType -Identity "Bitlocker Enabled" -SourceOID "1.3.6.1.4.1.311.67.1.1" -Enabled $False </dev:code><dev:remarks><maml:para>This example sets the source OID of the claim type with display name Bitlocker Enabled to 1.3.6.1.4.1.311.67.1.1, and disables the claim type. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADClaimType -Identity SourceForest -SourceTransformPolicy </dev:code><dev:remarks><maml:para>This command sets the claim type named SourceForest to source from the claims transformation policy engine. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291113</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADComputer</command:name><maml:description><maml:para>Modifies an Active Directory computer object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADComputer</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADComputer cmdlet modifies the properties of an Active Directory computer object. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory computer to modify. You can identify a computer by its distinguished name Members (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localComputerObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADComputer cmdlet to retrieve a computer object and then pass the object through the pipeline to Set-ADComputer.</maml:para><maml:para>The Instance parameter provides a way to update a computer by applying the changes made to a copy of the computer object. When you set the Instance parameter to a copy of an Active Directory computer object that has been modified, the Set-ADComputer cmdlet makes the same changes to the original computer object. To get a copy of the object to modify, use the Get-ADComputer object. When you specify the Instance parameter you should not pass the Identity parameter. For more information about the Instance parameter, see the Instance parameter description. For more information about how the instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADComputer</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>This parameter cannot be set to $True or 1 for an account that also has the PasswordNeverExpires property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the fully qualified domain name (FQDN) of the computer. This parameter sets the DNSHostName property for a computer object. The LDAP Display Name for this property is dNSHostName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account which may result in the KDC being unable to issue service tickets for services using the account. </maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2. </maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies the location of the computer, such as an office number. This parameter sets the Location property of a computer. The LDAP display name (ldapDisplayName) of this property is location.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystem</maml:name><maml:description><maml:para>Specifies an operating system name. This parameter sets the OperatingSystem property of the computer object. The LDAP Display Name (ldapDisplayName) for this property is operatingSystem.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystemHotfix</maml:name><maml:description><maml:para>Specifies an operating system hotfix name. This parameter sets the operatingSystemHotfix property of the computer object. The LDAP display name for this property is operatingSystemHotfix.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystemServicePack</maml:name><maml:description><maml:para>Specifies the name of an operating system service pack. This parameter sets the OperatingSystemServicePack property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemServicePack.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystemVersion</maml:name><maml:description><maml:para>Specifies an operating system version. This parameter sets the OperatingSystemVersion property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemVersion.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to &True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this computer account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SAMAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values: </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para><maml:para>The following example shows how to add and remove service principal names. </maml:para><maml:para>-ServicePrincipalNames-@{Add="SQLservice\accounting.corp.contoso.com:1456"};{Remove="SQLservice\finance.corp.contoso.com:1456"} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADComputer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a computer object to use to update the actual Active Directory computer object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update computer objects that have been retrieved by using the Get-ADComputer cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires.</maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>This parameter cannot be set to $True or 1 for an account that also has the PasswordNeverExpires property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the fully qualified domain name (FQDN) of the computer. This parameter sets the DNSHostName property for a computer object. The LDAP Display Name for this property is dNSHostName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory computer object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the identifier given is a DN, the partition to search will be computed from that DN. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a computer object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a computer object to use to update the actual Active Directory computer object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update computer objects that have been retrieved by using the Get-ADComputer cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADComputer</command:parameterValue><dev:type><maml:name>ADComputer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account which may result in the KDC being unable to issue service tickets for services using the account. </maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2. </maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADKerberosEncryptionType</command:parameterValue><dev:type><maml:name>ADKerberosEncryptionType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies the location of the computer, such as an office number. This parameter sets the Location property of a computer. The LDAP display name (ldapDisplayName) of this property is location.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystem</maml:name><maml:description><maml:para>Specifies an operating system name. This parameter sets the OperatingSystem property of the computer object. The LDAP Display Name (ldapDisplayName) for this property is operatingSystem.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystemHotfix</maml:name><maml:description><maml:para>Specifies an operating system hotfix name. This parameter sets the operatingSystemHotfix property of the computer object. The LDAP display name for this property is operatingSystemHotfix.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystemServicePack</maml:name><maml:description><maml:para>Specifies the name of an operating system service pack. This parameter sets the OperatingSystemServicePack property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemServicePack.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OperatingSystemVersion</maml:name><maml:description><maml:para>Specifies an operating system version. This parameter sets the OperatingSystemVersion property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemVersion.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.</maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to &True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this computer account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SAMAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory Snapshot instance.</maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values: </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para><maml:para>The following example shows how to add and remove service principal names. </maml:para><maml:para>-ServicePrincipalNames-@{Add="SQLservice\accounting.corp.contoso.com:1456"};{Remove="SQLservice\finance.corp.contoso.com:1456"} </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A computer object is received by the Identity parameter. </maml:para><maml:para>A computer object that was retrieved by using the Get-ADComputer cmdlet and then modified is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADComputer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified computer object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when connected to Global Catalog port.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADComputer -Identity "FABRIKAM-SRV1" -ServicePrincipalName @{Replace="MSSQLSVC/FABRIKAM-SRV1.FABRIKAM.COM:1456","MSOLAPSVC.3/FABRIKAM-SRV1.FABRIKAM.COM:analyze"} </dev:code><dev:remarks><maml:para>This command modifies the SPN value for the computer specified by the Identity parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADComputer -Identity "FABRIKAM-SRV1" -Location "NA/HQ/Building A" </dev:code><dev:remarks><maml:para>This command modifies the location for the computer specified by the Identity parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADComputer -Identity "FABRIKAM-SRV1" -ManagedBy "CN=SQL Administrator 01,OU=UserAccounts,OU=Managed,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command sets the ManagedBy attribute value for the computer specified by the Identity parameter using the SAM account name of the user. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$comp = Get-ADComputer -Identity "FABRIKAM-SRV1" PS C:\> $comp.Location = "NA/HQ/Building A" PS C:\> $comp.ManagedBy = "CN=SQL Administrator 01,OU=UserAccounts,OU=Managed,DC=FABRIKAM,DC=COM" PS C:\> Set-ADComputer -Instance $comp </dev:code><dev:remarks><maml:para>This example sets the Location and ManagedBy attributes of a computer. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADComputer SaraDavisLaptop -Identity "FABRIKAM-SRV1" | Set-ADcomputer -Location "W4013" </dev:code><dev:remarks><maml:para>This command modifies the Location property for the computer named FABRIKAM-SRV1. The command uses the Get-ADComputer cmdlet to get the FABRIKAM-SRV1 computer object, and then passes the object to the current cmdlet by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291114</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADComputerServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADDefaultDomainPasswordPolicy</command:name><maml:description><maml:para>Modifies the default password policy for an Active Directory domain.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADDefaultDomainPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADDefaultDomainPasswordPolicy cmdlet modifies the properties of the default password policy for a domain. You can modify property values by using the cmdlet parameters. </maml:para><maml:para>The Identity parameter specifies the domain whose default password policy you want modify. You can identify a domain by its Distinguished Name (DN), GUID, Security Identifier (SID), DNS domain name, or NETBIOS name. You can also set the parameter to an ADDomain object variable, or pass an ADDomain object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline to the Set-ADDefaultDomainPasswordPolicy cmdlet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADDefaultDomainPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDefaultDomainPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComplexityEnabled</maml:name><maml:description><maml:para>Specifies whether password complexity is enabled for the password policy. If enabled, the password must contain three of the following four character types: -- Uppercase characters (A, B, C, D, E, ...) -- Lowercase characters (a, b, c, d, e, ...) -- Numerals (0, 1, 2, 3, ...) -- Special characters (#, $, *, %, ...)</maml:para><maml:para>This parameter sets the ComplexityEnabled property of a password policy. The acceptable values for this parameter are: -- $False or 0. Disables password complexity. -- $True or 1. Enables password complexity.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutDuration</maml:name><maml:description><maml:para>Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. You cannot login to an account that is locked until the lockout duration time period has expired. This parameter sets the lockoutDuration property of a password policy object. The LDAP display name (ldapDisplayName) of this property is msDS-LockoutDuration. </maml:para><maml:para>The lockout duration must be greater than or equal to the lockout observation time for a password policy. Use the LockOutObservationWindow parameter to set the lockout observation time. </maml:para><maml:para>Specify the lockout duration time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutObservationWindow</maml:name><maml:description><maml:para>Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. This parameter sets the lockoutObservationWindow property of a password policy object. The LDAP Display Name (ldapDisplayName) of this property is msDS-lockoutObservationWindow.</maml:para><maml:para>The lockout observation window must be smaller than or equal to the lockout duration for a password policy. Use the LockoutDuration parameter to set the lockout duration time.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D:H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutThreshold</maml:name><maml:description><maml:para>Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. This parameter sets the LockoutThreshold property of a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MaxPasswordAge</maml:name><maml:description><maml:para>Specifies the maximum length of time that you can have the same password. After this time period, the password expires and you must create a new one. </maml:para><maml:para>This parameter sets the maxPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is maxPwdAge.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordAge</maml:name><maml:description><maml:para>Specifies the minimum length of time before you can change a password. </maml:para><maml:para>This parameter sets the minPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is minPwdAge.</maml:para><maml:para>Specify the time interval in the following format. </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordLength</maml:name><maml:description><maml:para>Specifies the minimum number of characters that a password must contain. This parameter sets the MinPasswordLength property of the password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordHistoryCount</maml:name><maml:description><maml:para>Specifies the number of previous passwords to save. A user cannot reuse a password in the list of saved passwords. This parameter sets the PasswordHistoryCount property for a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReversibleEncryptionEnabled</maml:name><maml:description><maml:para>Specifies whether the directory must store passwords using reversible encryption. This parameter sets the ReversibleEncryption property for a password policy. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComplexityEnabled</maml:name><maml:description><maml:para>Specifies whether password complexity is enabled for the password policy. If enabled, the password must contain three of the following four character types: -- Uppercase characters (A, B, C, D, E, ...) -- Lowercase characters (a, b, c, d, e, ...) -- Numerals (0, 1, 2, 3, ...) -- Special characters (#, $, *, %, ...)</maml:para><maml:para>This parameter sets the ComplexityEnabled property of a password policy. The acceptable values for this parameter are: -- $False or 0. Disables password complexity. -- $True or 1. Enables password complexity.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDefaultDomainPasswordPolicy</command:parameterValue><dev:type><maml:name>ADDefaultDomainPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutDuration</maml:name><maml:description><maml:para>Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. You cannot login to an account that is locked until the lockout duration time period has expired. This parameter sets the lockoutDuration property of a password policy object. The LDAP display name (ldapDisplayName) of this property is msDS-LockoutDuration. </maml:para><maml:para>The lockout duration must be greater than or equal to the lockout observation time for a password policy. Use the LockOutObservationWindow parameter to set the lockout observation time. </maml:para><maml:para>Specify the lockout duration time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>0.00:30:00 (30 Minutes)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutObservationWindow</maml:name><maml:description><maml:para>Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. This parameter sets the lockoutObservationWindow property of a password policy object. The LDAP Display Name (ldapDisplayName) of this property is msDS-lockoutObservationWindow.</maml:para><maml:para>The lockout observation window must be smaller than or equal to the lockout duration for a password policy. Use the LockoutDuration parameter to set the lockout duration time.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D:H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>0.00.30.00 (30 Minutes)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutThreshold</maml:name><maml:description><maml:para>Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. This parameter sets the LockoutThreshold property of a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>0</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MaxPasswordAge</maml:name><maml:description><maml:para>Specifies the maximum length of time that you can have the same password. After this time period, the password expires and you must create a new one. </maml:para><maml:para>This parameter sets the maxPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is maxPwdAge.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>42.00:00:00 (42 days)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordAge</maml:name><maml:description><maml:para>Specifies the minimum length of time before you can change a password. </maml:para><maml:para>This parameter sets the minPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is minPwdAge.</maml:para><maml:para>Specify the time interval in the following format. </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue>1.00:00:00 (1day)</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordLength</maml:name><maml:description><maml:para>Specifies the minimum number of characters that a password must contain. This parameter sets the MinPasswordLength property of the password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>7</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordHistoryCount</maml:name><maml:description><maml:para>Specifies the number of previous passwords to save. A user cannot reuse a password in the list of saved passwords. This parameter sets the PasswordHistoryCount property for a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>24</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReversibleEncryptionEnabled</maml:name><maml:description><maml:para>Specifies whether the directory must store passwords using reversible encryption. This parameter sets the ReversibleEncryption property for a password policy. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue>$true</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None </maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert><maml:alert></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADDefaultDomainPasswordPolicy -Identity fabrikam.com -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $True -ReversibleEncryptionEnabled $False -MaxPasswordAge 10.00:00:00 </dev:code><dev:remarks><maml:para>This command sets the default domain password policy for a domain specified by using the Identity parameter. Note: setting MaxPwdAge to 0 will convert it to never, which is Int64.MinValue or -9223372036854775808 in the directory. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser | Set-ADDefaultDomainPasswordPolicy -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $true -ReversibleEncryptionEnabled $false -MinPasswordLength 12 </dev:code><dev:remarks><maml:para>This command sets the default domain password policy for the current logged on user domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291115</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDefaultDomainPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADDomain</command:name><maml:description><maml:para>Modifies an Active Directory domain.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADDomain</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADDomain cmdlet modifies the properties of an Active Directory domain. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the domain to modify. You can identify a domain by its distinguished name (DN), GUID, security identifier (SID), DNS domain name, or NetBIOS name. You can also set the Identity parameter to an object variable such as $<localDomainObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline to the Set-ADDomain cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update a domain object by applying the changes made to a copy of the domain object. When you set the Instance parameter to a copy of an Active Directory domain object that has been modified, the Set-ADDomain cmdlet makes the same changes to the original domain object. To get a copy of the object to modify, use the Get-ADDomain object. When you specify the Instance parameter you should not pass the Identity parameter. For more information about the Instance parameter, see the Instance parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADDomain</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is</maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedDNSSuffixes</maml:name><maml:description><maml:para>Modifies the list of domain name server (DNS) suffixes that are allowed in a domain. This parameter sets the value of the msDS-AllowedDNSSuffixes attribute of the domainDNS object. This parameter uses the following syntax to add, remove, replace, or clear DNS suffix values. </maml:para><maml:para>To add values: </maml:para><maml:para>-AllowedDNSSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-AllowedDNSSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-AllowedDNSSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-AllowedDNSSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove DNS suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LastLogonReplicationInterval</maml:name><maml:description><maml:para>Specifies the time, in days, within which the last logon time of an account must be replicated across all domain controllers in the domain. This parameter sets the LastLogonReplicationInterval property for a domain. The LDAP display name (ldapDisplayName) for this property is msDS-LogonTimeSyncInterval. The last logon replication interval must be at least one day. Setting the last logon replication interval to a low value can significantly increase domain-wide replication. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations wilol be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADDomain</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedDNSSuffixes</maml:name><maml:description><maml:para>Modifies the list of domain name server (DNS) suffixes that are allowed in a domain. This parameter sets the value of the msDS-AllowedDNSSuffixes attribute of the domainDNS object. This parameter uses the following syntax to add, remove, replace, or clear DNS suffix values. </maml:para><maml:para>To add values: </maml:para><maml:para>-AllowedDNSSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-AllowedDNSSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-AllowedDNSSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-AllowedDNSSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove DNS suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LastLogonReplicationInterval</maml:name><maml:description><maml:para>Specifies the time, in days, within which the last logon time of an account must be replicated across all domain controllers in the domain. This parameter sets the LastLogonReplicationInterval property for a domain. The LDAP display name (ldapDisplayName) for this property is msDS-LogonTimeSyncInterval. The last logon replication interval must be at least one day. Setting the last logon replication interval to a low value can significantly increase domain-wide replication. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a domain object to use to update the actual Active Directory domain object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update domain objects that have been retrieved by using the Get-ADDomain cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is</maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedDNSSuffixes</maml:name><maml:description><maml:para>Modifies the list of domain name server (DNS) suffixes that are allowed in a domain. This parameter sets the value of the msDS-AllowedDNSSuffixes attribute of the domainDNS object. This parameter uses the following syntax to add, remove, replace, or clear DNS suffix values. </maml:para><maml:para>To add values: </maml:para><maml:para>-AllowedDNSSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-AllowedDNSSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-AllowedDNSSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-AllowedDNSSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove DNS suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue><dev:type><maml:name>ADDomain</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a domain object to use to update the actual Active Directory domain object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update domain objects that have been retrieved by using the Get-ADDomain cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue><dev:type><maml:name>ADDomain</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LastLogonReplicationInterval</maml:name><maml:description><maml:para>Specifies the time, in days, within which the last logon time of an account must be replicated across all domain controllers in the domain. This parameter sets the LastLogonReplicationInterval property for a domain. The LDAP display name (ldapDisplayName) for this property is msDS-LogonTimeSyncInterval. The last logon replication interval must be at least one day. Setting the last logon replication interval to a low value can significantly increase domain-wide replication. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName) </maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations wilol be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain object is received by the Identity parameter. </maml:para><maml:para>A domain object that was retrieved by using the Get-ADDomain cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified domain object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADDomain -Identity FABRIKAM -AllowedDNSSuffixes @{Replace="fabrikam.com","corp.fabrikam.com"} </dev:code><dev:remarks><maml:para>This command sets the value of AllowedDNSSuffixes to {"fabrikam.com","corp.fabrikam.com"} in domain FABRIKAM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADDomain -Identity FABRIKAM -AllowedDNSSuffixes @{Add="corp.fabrikam.com"} </dev:code><dev:remarks><maml:para>This command adds the value corp.fabrikam.com to the AllowedDNSSuffixes in domain FABRIKAM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADDomain -Identity FABRIKAM -ManagedBy 'CN=Domain Admins,CN=Users,DC=FABRIKAM,DC=COM' </dev:code><dev:remarks><maml:para>This command sets the ManagedBy property in domain FABRIKAM to CN=Domain Admins,CN=Users,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADDomain | Set-ADDomain -LastLogonReplicationInterval "10" </dev:code><dev:remarks><maml:para>This command sets the LastLogonReplicationInterval of the current logged on user domain to 10.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$Domain = Get-ADDomain -Identity London PS C:\> $Domain.ManagedBy = PattiFuller PS C:\> Set-ADDomain -Instance $Domain </dev:code><dev:remarks><maml:para>This example modifies the ManagedBy property for the London domain. The example modifies a local instance of the London domain, and then specifies the Instance parameter for the current cmdlet as the local instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291116</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomain</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADDomainMode</command:name><maml:description><maml:para>Sets the domain mode for an Active Directory domain.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADDomainMode</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADDomainMode cmdlet sets the domain mode for a domain. You specify the domain mode by setting the DomainMode parameter. </maml:para><maml:para>The Identity parameter specifies the Active Directory domain to modify. You can identify a domain by its distinguished name (DN), GUID, security identifier (SID), DNS domain name, or NetBIOS name. You can also set the Identity parameter to a domain object variable such as $<localADDomainObject>, or you can pass a domain object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline operator to the Set-ADDomainMode cmdlet. </maml:para><maml:para>The Set-ADDomainMode cmdlet always prompts for permission unless you specify -confirm:$false.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADDomainMode</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>DomainMode</maml:name><maml:description><maml:para>Specifies the domain functional level of the first domain in the creation of a new forest. Supported values for this parameter can be either a valid integer or a corresponding enumerated string value. For example, to set the domain mode level to Windows Server 2008 R2, you can specify either a value of 4 or Win2008R2Domain. </maml:para><maml:para>The following are the currently supported values: -- Windows Server 2003: 2 or Win2003Domain -- Windows Server 2008: 3 or Win2008Domain -- Windows Server 2008 R2: 4 or Win2008R2Domain -- Windows Server 2012: 5 or Win2012Domain -- Windows Server 2012 R2: 6 or Win2012R2Domain </maml:para><maml:para>The domain functional level cannot be lower than the forest functional level, but it can be higher. The default is automatically computed and set.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">UnknownDomain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2000Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2003InterimDomain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2003Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2008Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2008R2Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2012Domain</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2012R2Domain</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>DomainMode</maml:name><maml:description><maml:para>Specifies the domain functional level of the first domain in the creation of a new forest. Supported values for this parameter can be either a valid integer or a corresponding enumerated string value. For example, to set the domain mode level to Windows Server 2008 R2, you can specify either a value of 4 or Win2008R2Domain. </maml:para><maml:para>The following are the currently supported values: -- Windows Server 2003: 2 or Win2003Domain -- Windows Server 2008: 3 or Win2008Domain -- Windows Server 2008 R2: 4 or Win2008R2Domain -- Windows Server 2012: 5 or Win2012Domain -- Windows Server 2012 R2: 6 or Win2012R2Domain </maml:para><maml:para>The domain functional level cannot be lower than the forest functional level, but it can be higher. The default is automatically computed and set.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomainMode</command:parameterValue><dev:type><maml:name>ADDomainMode</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory domain object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. All values are for the domainDNS object that represents the domain. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A DNS domain name -- A NetBIOS domain name </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a domain object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDomain</command:parameterValue><dev:type><maml:name>ADDomain</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A domain object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADDomain</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified domain object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work when connected to Global Catalog port. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Set-ADDomainMode -Identity fabrikam.com -DomainMode Windows2003Domain </dev:code><dev:remarks><maml:para>This command sets the DomainMode property of the fabrikam.com domain to Windows2003Domain. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $pdc = Get-ADDomainController -Discover -Service PrimaryDC PS C:\> Set-ADDomainMode -Identity $pdc.Domain -Server $pdc.HostName[0] -DomainMode Windows2003Domain </dev:code><dev:remarks><maml:para>This example sets the DomainMode of the current logged on user's domain to Windows2003Domain. The set operation targets the PrimaryDC FSMO to apply the update. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291117</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADDomain</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADFineGrainedPasswordPolicy</command:name><maml:description><maml:para>Modifies an Active Directory fine-grained password policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADFineGrainedPasswordPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADFineGrainedPasswordPolicy cmdlet modifies the properties of an Active Directory fine-grained password policy. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory fine-grained password policy to modify. You can identify a fine-grained password policy by its distinguished name (DN), GUID or name. You can also set the Identity parameter to an object variable such as $<localFineGrainedPasswordPolicyObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADFineGrainedPasswordPolicy cmdlet to retrieve a fine-grained password policy object and then pass the object through the pipeline operator to the Set-ADFineGrainedPasswordPolicy cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update a fine-grained password policy object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory fine-grained password policy object that has been modified, the Set-ADFineGrainedPasswordPolicy cmdlet makes the same changes to the original fine-grained password policy object. To get a copy of the object to modify, use the Get-ADFineGrainedPasswordPolicy object. The Identity parameter is not allowed when you use the Instance parameter. For more information about the Instance parameter, see the Instance parameter description. For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name (distinguishedName) -- A GUID (objectGUID) -- A Name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComplexityEnabled</maml:name><maml:description><maml:para>Specifies whether password complexity is enabled for the password policy. If enabled, the password must contain three of the following four character types: -- Uppercase characters (A, B, C, D, E, ...) -- Lowercase characters (a, b, c, d, e, ...) -- Numerals (0, 1, 2, 3, ...) -- Special characters (#, $, *, %, ...)</maml:para><maml:para></maml:para><maml:para>This parameter sets the ComplexityEnabled property of a password policy. The acceptable values for this parameter are: -- $False or 0. Disables password complexity. -- $True or 1. Enables password complexity. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutDuration</maml:name><maml:description><maml:para>Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. You cannot login to an account that is locked until the lockout duration time period has expired. This parameter sets the lockoutDuration property of a password policy object. The LDAP display name (ldapDisplayName) of this property is msDS-LockoutDuration.</maml:para><maml:para>The lockout duration must be greater than or equal to the lockout observation time for a password policy. Use the LockOutObservationWindow parameter to set the lockout observation time. </maml:para><maml:para>Specify the lockout duration time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutObservationWindow</maml:name><maml:description><maml:para>Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. This parameter sets the lockoutObservationWindow property of a password policy object. The LDAP Display Name (ldapDisplayName) of this property is msDS-lockoutObservationWindow.</maml:para><maml:para>The lockout observation window must be smaller than or equal to the lockout duration for a password policy. Use the LockoutDuration parameter to set the lockout duration time. </maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D:H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutThreshold</maml:name><maml:description><maml:para>Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. This parameter sets the LockoutThreshold property of a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MaxPasswordAge</maml:name><maml:description><maml:para>Specifies the maximum length of time that you can have the same password. After this time period, the password expires and you must create a new one. </maml:para><maml:para>This parameter sets the maxPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is maxPwdAge.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordAge</maml:name><maml:description><maml:para>Specifies the minimum length of time before you can change a password. </maml:para><maml:para>This parameter sets the minPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is minPwdAge.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordLength</maml:name><maml:description><maml:para>Specifies the minimum number of characters that a password must contain. This parameter sets the MinPasswordLength property of the password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordHistoryCount</maml:name><maml:description><maml:para>Specifies the number of previous passwords to save. A user cannot reuse a password in the list of saved passwords. This parameter sets the PasswordHistoryCount property for a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Precedence</maml:name><maml:description><maml:para>Specifies a value that defines the precedence of a fine-grained password policy among all fine-grained password policies. This parameter sets the Precedence property for a fine-grained password policy. The LDAP display name (ldapDisplayName) for this property is msDS-PasswordSettingsPrecedence.</maml:para><maml:para>This value determines which password policy to use when more than one password policy applies to a user or group. When there is a conflict, the password policy that has the lower Precedence property value has higher priority. For example, if PasswordPolicy1 has a Precedence property value of 200 and PasswordPolicy2 has a Precedence property value of 100, PasswordPolicy2 is used. </maml:para><maml:para>Typically, password policy precedence values are assigned in multiples of 10 or 100, making it easier to add policies at a later time. For example, if you set the initial precedence values for your policies to 100 and 200, you can add another policy that has precedence value of 150. </maml:para><maml:para>If the specified Precedence parameter is already assigned to another password policy object, the cmdlet returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReversibleEncryptionEnabled</maml:name><maml:description><maml:para>Specifies whether the directory must store passwords using reversible encryption. This parameter sets the ReversibleEncryption property for a password policy. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADFineGrainedPasswordPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a fine-grained password policy object to use to update the actual Active Directory fine-grained password policy object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update fine-grained password policy objects that have been retrieved by using the Get-ADFineGrainedPasswordPolicy cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComplexityEnabled</maml:name><maml:description><maml:para>Specifies whether password complexity is enabled for the password policy. If enabled, the password must contain three of the following four character types: -- Uppercase characters (A, B, C, D, E, ...) -- Lowercase characters (a, b, c, d, e, ...) -- Numerals (0, 1, 2, 3, ...) -- Special characters (#, $, *, %, ...)</maml:para><maml:para></maml:para><maml:para>This parameter sets the ComplexityEnabled property of a password policy. The acceptable values for this parameter are: -- $False or 0. Disables password complexity. -- $True or 1. Enables password complexity. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory fine-grained password policy object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name (distinguishedName) -- A GUID (objectGUID) -- A Name (name) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline operator or you can set this parameter to a fine-grained password policy object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a fine-grained password policy object to use to update the actual Active Directory fine-grained password policy object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update fine-grained password policy objects that have been retrieved by using the Get-ADFineGrainedPasswordPolicy cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADFineGrainedPasswordPolicy</command:parameterValue><dev:type><maml:name>ADFineGrainedPasswordPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutDuration</maml:name><maml:description><maml:para>Specifies the length of time that an account is locked after the number of failed login attempts exceeds the lockout threshold. You cannot login to an account that is locked until the lockout duration time period has expired. This parameter sets the lockoutDuration property of a password policy object. The LDAP display name (ldapDisplayName) of this property is msDS-LockoutDuration.</maml:para><maml:para>The lockout duration must be greater than or equal to the lockout observation time for a password policy. Use the LockOutObservationWindow parameter to set the lockout observation time. </maml:para><maml:para>Specify the lockout duration time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutObservationWindow</maml:name><maml:description><maml:para>Specifies the maximum time interval between two unsuccessful login attempts before the number of unsuccessful login attempts is reset to 0. An account is locked when the number of unsuccessful login attempts exceeds the password policy lockout threshold. This parameter sets the lockoutObservationWindow property of a password policy object. The LDAP Display Name (ldapDisplayName) of this property is msDS-lockoutObservationWindow.</maml:para><maml:para>The lockout observation window must be smaller than or equal to the lockout duration for a password policy. Use the LockoutDuration parameter to set the lockout duration time. </maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D:H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: 0:0:0:0.0 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LockoutThreshold</maml:name><maml:description><maml:para>Specifies the number of unsuccessful login attempts that are permitted before an account is locked out. This number increases when the time between unsuccessful login attempts is less than the time specified for the lockout observation time window. This parameter sets the LockoutThreshold property of a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MaxPasswordAge</maml:name><maml:description><maml:para>Specifies the maximum length of time that you can have the same password. After this time period, the password expires and you must create a new one. </maml:para><maml:para>This parameter sets the maxPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is maxPwdAge.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordAge</maml:name><maml:description><maml:para>Specifies the minimum length of time before you can change a password. </maml:para><maml:para>This parameter sets the minPasswordAge property of a password policy. The LDAP Display Name (ldapDisplayName) for this property is minPwdAge.</maml:para><maml:para>Specify the time interval in the following format: </maml:para><maml:para>[-]D.H:M:S.F </maml:para><maml:para>where: </maml:para><maml:para>[-] = Specifies a negative time interval </maml:para><maml:para>D = Days (0 to 10675199) </maml:para><maml:para>H = Hours (0 to 23) </maml:para><maml:para>M = Minutes (0 to 59) </maml:para><maml:para>S = Seconds (0 to 59) </maml:para><maml:para>F= Fractions of a second (0 to 9999999) </maml:para><maml:para>Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">TimeSpan</command:parameterValue><dev:type><maml:name>TimeSpan</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MinPasswordLength</maml:name><maml:description><maml:para>Specifies the minimum number of characters that a password must contain. This parameter sets the MinPasswordLength property of the password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordHistoryCount</maml:name><maml:description><maml:para>Specifies the number of previous passwords to save. A user cannot reuse a password in the list of saved passwords. This parameter sets the PasswordHistoryCount property for a password policy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Precedence</maml:name><maml:description><maml:para>Specifies a value that defines the precedence of a fine-grained password policy among all fine-grained password policies. This parameter sets the Precedence property for a fine-grained password policy. The LDAP display name (ldapDisplayName) for this property is msDS-PasswordSettingsPrecedence.</maml:para><maml:para>This value determines which password policy to use when more than one password policy applies to a user or group. When there is a conflict, the password policy that has the lower Precedence property value has higher priority. For example, if PasswordPolicy1 has a Precedence property value of 200 and PasswordPolicy2 has a Precedence property value of 100, PasswordPolicy2 is used. </maml:para><maml:para>Typically, password policy precedence values are assigned in multiples of 10 or 100, making it easier to add policies at a later time. For example, if you set the initial precedence values for your policies to 100 and 200, you can add another policy that has precedence value of 150. </maml:para><maml:para>If the specified Precedence parameter is already assigned to another password policy object, the cmdlet returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1 </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReversibleEncryptionEnabled</maml:name><maml:description><maml:para>Specifies whether the directory must store passwords using reversible encryption. This parameter sets the ReversibleEncryption property for a password policy. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services, or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A fine-grained password policy object is received by the Identity parameter. </maml:para><maml:para>A fine-grained password policy object that was retrieved by using the Get-ADFineGrainedPasswordPolicy cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified fine-grained password policy object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADFineGrainedPasswordPolicy -Identity MyPolicy -Precedence 100 -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $True -ReversibleEncryptionEnabled $false -MinPasswordLength 12 </dev:code><dev:remarks><maml:para>This command updates the Precedence, LockoutDuration, LockoutObservationWindow, ComplexityEnabled, ReversibleEncryptionEnabled, and MinPasswordLength properties on the FineGrainedPasswordPolicy object with name MyPolicy. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADFineGrainedPasswordPolicy -Identity 'CN=MyPolicy,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM' -MinPasswordLength 12 </dev:code><dev:remarks><maml:para>This command sets the MinPasswordLength property on the FineGrainedPasswordPolicy object with distinguished name CN=MyPolicy,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$fgpp = Get-ADFineGrainedPasswordPolicy -Identity MyPolicy PS C:\> $fgpp.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00") PS C:\> $fgpp.LockoutThreshold = 10 PS C:\> $fgpp.MinPasswordLength = 8 PS C:\> $fgpp.PasswordHistoryCount = 24 PS C:\> Set-ADFineGrainedPasswordPolicy -Instance $fgpp </dev:code><dev:remarks><maml:para>This example gets the FineGrainedPasswordPolicy object with name MyPolicy, updates a set of properties on the object, and then writes the modifications back to the directory using the Instance parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADFineGrainedPasswordPolicy -Identity "Level3Policy" | Set-ADFineGrainedPasswordPolicy -Precedence 150 </dev:code><dev:remarks><maml:para>This command modifies the Precedence property for the fine-grained password policy named Level3Policy. The command uses the Get-ADFineGrainedPasswordPolicy cmdlet to get the fine-grained password policy, and then passes the policy to the current cmdlet by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291118</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADFineGrainedPasswordPolicy</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADForest</command:name><maml:description><maml:para>Modifies an Active Directory forest.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADForest</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADForest cmdlet modifies the properties of an Active Directory forest. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory forest to modify. You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name. You can also set the Identity parameter to an object variable such as $<localADForestObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADForest cmdlet to retrieve a forest object and then pass the object through the pipeline to the Set-ADForest cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update a forest object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory forest object that has been modified, the Set-ADForest cmdlet makes the same changes to the original forest object. To get a copy of the object to modify, use the Get-ADForest object. The Identity parameter is not allowed when you use the Instance parameter. For more information about the Instance parameter, see the Instance parameter description. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADForest</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory forest object by providing one of the following attribute values. The identifier in parentheses is the LDAP display name for the attribute. -- A fully qualified domain name -- A GUID (objectGUID) -- A DNS host name -- A NetBIOS name </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForest</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SPNSuffixes</maml:name><maml:description><maml:para>Modifies the list of service principal name (SPN) suffixes of the forest. This parameter sets the multi-valued msDS-SPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add remove, replace, or clear SPN suffix values. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-SPNSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-SPNSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-SPNSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-SPNSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove SPN suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UPNSuffixes</maml:name><maml:description><maml:para>Modifies the list of user principal name (UPN) suffixes of the forest. This parameter sets the multi-valued msDS-UPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add remove, replace, or clear UPN suffix values. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-UPNSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-UPNSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-UPNSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-UPNSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove UPN suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory forest object by providing one of the following attribute values. The identifier in parentheses is the LDAP display name for the attribute. -- A fully qualified domain name -- A GUID (objectGUID) -- A DNS host name -- A NetBIOS name </maml:para><maml:para></maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForest</command:parameterValue><dev:type><maml:name>ADForest</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SPNSuffixes</maml:name><maml:description><maml:para>Modifies the list of service principal name (SPN) suffixes of the forest. This parameter sets the multi-valued msDS-SPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add remove, replace, or clear SPN suffix values. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-SPNSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-SPNSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-SPNSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-SPNSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove SPN suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UPNSuffixes</maml:name><maml:description><maml:para>Modifies the list of user principal name (UPN) suffixes of the forest. This parameter sets the multi-valued msDS-UPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add remove, replace, or clear UPN suffix values. </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-UPNSuffixes @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-UPNSuffixes @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-UPNSuffixes @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-UPNSuffixes $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove UPN suffix values: </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADForest</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A forest object is received by the Identity parameter. </maml:para><maml:para>A forest object that was retrieved by using the Get-ADForest cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADForest</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified forest object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADForest -Identity fabrikam.com -UPNSuffixes @{replace="fabrikam.com","fabrikam","corp.fabrikam.com"} </dev:code><dev:remarks><maml:para>This command sets the UPNSuffixes property on the fabrikam.com forest. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADForest -Identity fabrikam.com -SPNSuffixes @{add="corp.fabrikam.com"} </dev:code><dev:remarks><maml:para>This command adds corp.fabrikam.com to the SPNSuffixes property on the forest fabrikam.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADForest | Set-ADForest -SPNSuffixes @{Add="corp.fabrikam.com";Remove="fabrikam"} </dev:code><dev:remarks><maml:para>This command gets the forest of the current logged on user and updates the SPNSuffixes property. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADForest | Set-ADForest -UPNSuffixes $Null </dev:code><dev:remarks><maml:para>This command gets the forest of the current logged on user and clears the UPNSuffixes property. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$Forest = Get-ADForest -Identity fabrikam.com PS C:\> $Forest.UPNSuffixes = "fabrikam.com","fabrikam","corp.fabrikam.com" PS C:\> Set-ADForest -Instance $Forest </dev:code><dev:remarks><maml:para>This example modifies the UPNSuffixes property for the fabrikam.com forest. The example modifies a local instance of the fabrikam.com forest, and then specifies the Instance parameter for the current cmdlet as the local instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291119</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADForest</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADForestMode</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADForestMode</command:name><maml:description><maml:para>Sets the forest mode for an Active Directory forest.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADForestMode</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADForestMode cmdlet sets the Forest mode for an Active Directory forest. You specify the forest mode by setting the ForestMode parameter.</maml:para><maml:para>The Identity parameter specifies the Active Directory forest to modify. You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name. You can also specify the forest by passing a forest object through the pipeline. For example, you can use the Get-ADForest cmdlet to retrieve a forest object and then pass the object through the pipeline to the Set-ADForestMode cmdlet.</maml:para><maml:para>Set-ADForestMode will prompt for confirmation by default. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADForestMode</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory forest object by providing one of the following attribute values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A fully qualified domain name -- A GUID (objectGUID) -- A DNS host name -- A NetBIOS name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForest</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>ForestMode</maml:name><maml:description><maml:para>Specifies the forest mode for an Active Directory forest. The acceptable values for this parameter are: -- Windows2000Forest or 0 -- Windows2003InterimForest or 1 -- Windows2003Forest or 2 -- Windows2008Forest or 3 -- Windows2008R2Forest or 4 -- Windows2012Forest or 5 -- Windows2012R2Forest or 6</maml:para><maml:para></maml:para><maml:para>The values are listed in order of functionality from least to most. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">UnknownForest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2000Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2003InterimForest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2003Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2008Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2008R2Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2012Forest</command:parameterValue><command:parameterValue required="true" variableLength="false">Windows2012R2Forest</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>ForestMode</maml:name><maml:description><maml:para>Specifies the forest mode for an Active Directory forest. The acceptable values for this parameter are: -- Windows2000Forest or 0 -- Windows2003InterimForest or 1 -- Windows2003Forest or 2 -- Windows2008Forest or 3 -- Windows2008R2Forest or 4 -- Windows2012Forest or 5 -- Windows2012R2Forest or 6</maml:para><maml:para></maml:para><maml:para>The values are listed in order of functionality from least to most. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForestMode</command:parameterValue><dev:type><maml:name>ADForestMode</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory forest object by providing one of the following attribute values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A fully qualified domain name -- A GUID (objectGUID) -- A DNS host name -- A NetBIOS name</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to a forest object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADForest</command:parameterValue><dev:type><maml:name>ADForest</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADForest</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A forest object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADForest</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified forest object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADForestMode -Identity fabrikam.com -ForestMode Windows2003Forest </dev:code><dev:remarks><maml:para>This command sets the ForestMode to Windows2003Forest in the forest fabrikam.com.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$currentForest = Get-ADForest PS C:\> Set-ADForestMode -Identity $currentForest -Server $currentForest.SchemaMaster -ForestMode Windows2008R2Forest </dev:code><dev:remarks><maml:para>This example sets the forest mode of the current logged on user's forest. The set operation targets the Schema Master FSMO to apply the update. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291120</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADForest</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADGroup</command:name><maml:description><maml:para>Modifies an Active Directory group.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADGroup</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory group to modify. You can identify a group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localGroupObject>, or you can pass a group object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to retrieve a group object and then pass the object through the pipeline to the Set-ADGroup cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update a group object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory group object that has been modified, the Set-ADGroup cmdlet makes the same changes to the original group object. To get a copy of the object to modify, use the Get-ADGroup cmdlet. The Identity parameter is not allowed when you use the Instance parameter. For more information about the Instance parameter, see the Instance parameter description. For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADGroup</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GroupCategory</maml:name><maml:description><maml:para>Specifies the category of the group. The acceptable values for this parameter are: -- Distribution or 0 -- Security or 1</maml:para><maml:para>This parameter sets the GroupCategory property of the group. This parameter value combined with other group values sets the LDAP Display Name (ldapDisplayName) attribute named groupType. </maml:para><maml:para></maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Distribution</command:parameterValue><command:parameterValue required="true" variableLength="false">Security</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GroupScope</maml:name><maml:description><maml:para>Specifies the group scope of the group. The acceptable values for this parameter are: -- DomainLocal or 0 -- Global or 1 -- Universal or 2</maml:para><maml:para>This parameter sets the GroupScope property of a group object to the specified value. The LDAP display name of this property is groupType.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">DomainLocal</command:parameterValue><command:parameterValue required="true" variableLength="false">Global</command:parameterValue><command:parameterValue required="true" variableLength="false">Universal</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADGroup</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a group object to use to update the actual Active Directory group object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update group objects that have been retrieved by using the Get-ADGroup cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GroupCategory</maml:name><maml:description><maml:para>Specifies the category of the group. The acceptable values for this parameter are: -- Distribution or 0 -- Security or 1</maml:para><maml:para>This parameter sets the GroupCategory property of the group. This parameter value combined with other group values sets the LDAP Display Name (ldapDisplayName) attribute named groupType. </maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroupCategory</command:parameterValue><dev:type><maml:name>ADGroupCategory</maml:name><maml:uri /></dev:type><dev:defaultValue>Security</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GroupScope</maml:name><maml:description><maml:para>Specifies the group scope of the group. The acceptable values for this parameter are: -- DomainLocal or 0 -- Global or 1 -- Universal or 2</maml:para><maml:para>This parameter sets the GroupScope property of a group object to the specified value. The LDAP display name of this property is groupType.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroupScope</command:parameterValue><dev:type><maml:name>ADGroupScope</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory group object by providing one of the following values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A Security Accounts Manager (SAM) Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a group object to use to update the actual Active Directory group object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update group objects that have been retrieved by using the Get-ADGroup cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADGroup</command:parameterValue><dev:type><maml:name>ADGroup</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A group object is received by the Identity parameter. </maml:para><maml:para>A group object that was retrieved by using the Get-ADGroup cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADGroup</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified group object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" -Description "Access Group" -Passthru DistinguishedName : CN=AccessControl,DC=AppNC GroupCategory : Security GroupScope : DomainLocal Name : AccessControl ObjectClass : group ObjectGUID : d65f5e8f-36da-4390-9840-8b9fde6282fc SID : S-1-510474493-936115905-2782881406-1264922549-3814061485-1557022459 </dev:code><dev:remarks><maml:para>This command sets the description property of the group AccessControl to Access Group on an ADAM instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADGroup -Filter 'name -like "Access*"' | Set-ADGroup -Description "Access Group" </dev:code><dev:remarks><maml:para>This command modifies the description on all groups that have a name that starts with access by using the pipeline operator.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$group = Get-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" PS C:\> $group.description = "Access Group" PS C:\> Set-ADGroup -Instance $group -Passthru DistinguishedName : CN=AccessControl,DC=AppNC GroupCategory : Security GroupScope : DomainLocal Name : AccessControl ObjectClass : group ObjectGUID : d65f5e8f-36da-4390-9840-8b9fde6282fc SID : S-1-510474493-936115905-2782881406-1264922549-3814061485-1557022459 </dev:code><dev:remarks><maml:para>This example sets the description property on the AccessControl group by using the Instance parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291121</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADGroupMember</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADPrincipalGroupMembership</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADObject</command:name><maml:description><maml:para>Modifies an Active Directory object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADObject cmdlet modifies the properties of an Active Directory object. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory object to modify. You can identify an object by its distinguished name (DN) or GUID. You can also set the Identity parameter to an object variable such as $<localObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADObject cmdlet to retrieve an object and then pass the object through the pipeline to the Set-ADObject cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update an object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory object that has been modified, the Set-ADObject cmdlet makes the same changes to the original object. To get a copy of the object to modify, use the Get-ADObject object. The Identity parameter is not allowed when you use the Instance parameter. For more information about the Instance parameter, see the Instance parameter description. For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para><maml:para>This example shows how to set this parameter to an ADObject object instance named ADObjectInstance.</maml:para><maml:para>-Identity $ADObjectInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>For example, if you want to remove the value 555-222-2222 and add the values 555-222-1111 and 555-222-3333 to Phone-Office-Other attribute (LDAP display name 'otherTelephone'), and add the value 555-222-9999 to Phone-Mobile-Other (LDAP display name 'otherMobile'), set the Add and Remove parameters as follows: </maml:para><maml:para>-Add @{otherTelephone='555-222-1111', '555-222-3333'; otherMobile='555-222-9999' } -Remove @{otherTelephone='555-222-2222'} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>For example, if you want to clear the value for the Phone-Office-Other attribute (LDAP display name 'otherTelephone') set the Clear parameter as follows: </maml:para><maml:para>-Clear otherTelephone </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para><maml:para>The following example shows how to set this parameter to a sample description. </maml:para><maml:para>-Description "Description of the object" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para><maml:para>The following example shows how to set this parameter. </maml:para><maml:para>-DisplayName "Sara Davis Laptop" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>The following two examples show how to specify a value for this parameter. </maml:para><maml:para>-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: </maml:para><maml:para>-- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: </maml:para><maml:para>-- $False or 0 -- $True or 1 </maml:para><maml:para>The following example shows how to set this parameter to true. </maml:para><maml:para>-ProtectedFromAccidentalDeletion $true </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>For example, if you want to add the values blue and green and remove the value pink from a property with a LDAP display name of FavColors, set the Add and Remove parameters as follows. </maml:para><maml:para>-Add @{FavColors=Blue,Green} -Remove {FavColors=Pink} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>For example, if you want to replace the value 555-222-2222 with the values 555-222-1111 for Phone-Office-Other attribute (LDAP display name 'otherTelephone') set the Replace parameter as follows. </maml:para><maml:para>-Replace @{otherTelephone='555-222-2222', '555-222-1111'} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name -- NetBIOS name </maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- A NetBIOS name -- Fully qualified directory server name and port </maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The following example shows how to specify a full qualified domain name as the parameter value. </maml:para><maml:para>-Server "corp.contoso.com" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADObject</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name -- NetBIOS name </maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- A NetBIOS name -- Fully qualified directory server name and port </maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The following example shows how to specify a full qualified domain name as the parameter value. </maml:para><maml:para>-Server "corp.contoso.com" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an Active Directory object to use to update the actual Active Directory object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update Active Directory objects that have been retrieved by using the Get-ADObject cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para><maml:para>The following is an example of how to use the Get-ADObject cmdlet to retrieve an instance of the object. The object is modified by using the Windows PowerShell command line. Then the Set-ADObject cmdlet saves the changes to the Active Directory object. </maml:para><maml:para>Step 1: Retrieve a local instance of the object. </maml:para><maml:para>$objectInstance = Get-ADObject -Identity "CN=someObject, DC=contoso,DC=com" </maml:para><maml:para>Step 2: Modify one or more properties of the object instance. </maml:para><maml:para>$objectInstance.Description = "New Description" </maml:para><maml:para>Step3: Save your changes to the object </maml:para><maml:para>Set-ADObject -Instance $objectInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>For example, if you want to remove the value 555-222-2222 and add the values 555-222-1111 and 555-222-3333 to Phone-Office-Other attribute (LDAP display name 'otherTelephone'), and add the value 555-222-9999 to Phone-Mobile-Other (LDAP display name 'otherMobile'), set the Add and Remove parameters as follows: </maml:para><maml:para>-Add @{otherTelephone='555-222-1111', '555-222-3333'; otherMobile='555-222-9999' } -Remove @{otherTelephone='555-222-2222'} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>For example, if you want to clear the value for the Phone-Office-Other attribute (LDAP display name 'otherTelephone') set the Clear parameter as follows: </maml:para><maml:para>-Clear otherTelephone </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description. </maml:para><maml:para>The following example shows how to set this parameter to a sample description. </maml:para><maml:para>-Description "Description of the object" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName. </maml:para><maml:para>The following example shows how to set this parameter. </maml:para><maml:para>-DisplayName "Sara Davis Laptop" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- Distinguished Name -- GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para><maml:para>This example shows how to set this parameter to an ADObject object instance named ADObjectInstance.</maml:para><maml:para>-Identity $ADObjectInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an Active Directory object to use to update the actual Active Directory object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update Active Directory objects that have been retrieved by using the Get-ADObject cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para><maml:para>The following is an example of how to use the Get-ADObject cmdlet to retrieve an instance of the object. The object is modified by using the Windows PowerShell command line. Then the Set-ADObject cmdlet saves the changes to the Active Directory object. </maml:para><maml:para>Step 1: Retrieve a local instance of the object. </maml:para><maml:para>$objectInstance = Get-ADObject -Identity "CN=someObject, DC=contoso,DC=com" </maml:para><maml:para>Step 2: Modify one or more properties of the object instance. </maml:para><maml:para>$objectInstance.Description = "New Description" </maml:para><maml:para>Step3: Save your changes to the object </maml:para><maml:para>Set-ADObject -Instance $objectInstance </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>The following two examples show how to specify a value for this parameter. </maml:para><maml:para>-Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>-Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=CONTOSO,DC=COM" </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: </maml:para><maml:para>-- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: </maml:para><maml:para>-- $False or 0 -- $True or 1 </maml:para><maml:para>The following example shows how to set this parameter to true. </maml:para><maml:para>-ProtectedFromAccidentalDeletion $true </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>For example, if you want to add the values blue and green and remove the value pink from a property with a LDAP display name of FavColors, set the Add and Remove parameters as follows. </maml:para><maml:para>-Add @{FavColors=Blue,Green} -Remove {FavColors=Pink} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>For example, if you want to replace the value 555-222-2222 with the values 555-222-1111 for Phone-Office-Other attribute (LDAP display name 'otherTelephone') set the Replace parameter as follows. </maml:para><maml:para>-Replace @{otherTelephone='555-222-2222', '555-222-1111'} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name -- NetBIOS name </maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- A NetBIOS name -- Fully qualified directory server name and port </maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para>The following example shows how to specify a full qualified domain name as the parameter value. </maml:para><maml:para>-Server "corp.contoso.com" </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An Active Directory object is received by the Identity parameter. Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para><maml:para></maml:para><maml:para>An object that was retrieved by using the Get-ADObject cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADObject -Identity 'CN=AntonioAl Direct Reports,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM' -Description 'Distribution List of Antonio Alwan Direct Reports' </dev:code><dev:remarks><maml:para>This command sets the Description property on the object with DistinguishedName CN=AntonioAl Direct Reports,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADObject -Identity 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM' -Add @{siteList='CN=BO3,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM'} -Partition 'CN=Configuration,DC=FABRIKAM,DC=COM' </dev:code><dev:remarks><maml:para>This command adds the site CN=BO3,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM to the property siteList on the object with DistinguishedName CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$urlValues = @() PS C:\> $urlValues += "www.contoso.com" PS C:\> $urlValues += "www.fabrikam.com" PS C:\>Set-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Add @{url=$urlValues} </dev:code><dev:remarks><maml:para>This command adds two new urls to the property urlValues in the object with objectGuid cdadd380-d3a8-4fd1-9d30-5cf72d94a056. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$urlValues = @() PS C:\> $urlValues += "www.contoso.com" PS C:\> $urlValues += "www.fabrikam.com" PS C:\> Set-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Replace @{url=$urlValues;description="Antonio Alwan"} </dev:code><dev:remarks><maml:para>This command replaces the old values of the multi-valued attribute url with the new values and sets the value of the attribute description. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Remove @{url="www.contoso.com"} -Replace @{description="Antonio Alwan (European Manager)"} </dev:code><dev:remarks><maml:para>This command removes the specified value from the attribute url and sets the value of the attribute description. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$myComp = Get-ADObject -Identity "cdadd380-d3a8-4fd1-9d30-5cf72d94a056" -Properties "userAccountControl","description" PS C:\> $myComp.userAccountControl = $myComp.userAccountControl -bor 50 PS C:\> $myComp.description = "Setting a new UAC on the object" PS C:\> Set-ADObject -Instance $myComp </dev:code><dev:remarks><maml:para>This command sets a new UAC bit on an object by updating the attribute userAccountControl and setting the value of the attribute description.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADObject -Identity "CN=InternalApps,DC=AppNC" -protectedFromAccidentalDeletion $True -Server "FABRIKAM-SRV1:60000" </dev:code><dev:remarks><maml:para>This command sets container CN=InternalApps,DC=AppNC in an LDS instance to be protected from accidental deletion. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADObject -Identity "SecurityLevel2AccessGroup" | Set-ADObject -DisplayName "Security Level 2" </dev:code><dev:remarks><maml:para>This command modifies the DisplayName property for the SecurityLevel2AccessGroup object. The command uses the Get-ADObject cmdlet to get the object, and then passes the object to the current cmdlet by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291122</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADOrganizationalUnit</command:name><maml:description><maml:para>Modifies an Active Directory organizational unit.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADOrganizationalUnit</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADOrganizationalUnit cmdlet modifies the properties of an Active Directory organizational unit. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory organizational unit to modify. You can identify an organizational unit by its distinguished name (DN) or GUID. </maml:para><maml:para>You can also set the Identity parameter to an object variable such as $<localADOrganizationalUnitObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADOrganizationalUnit cmdlet to retrieve an organizational unit object and then pass the object through the pipeline to the Set-ADOrganizationalUnit cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update an organizational unit object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory organizational unit object that has been modified, the Set-ADOrganizationalUnit cmdlet makes the same changes to the original organizational unit object. To get a copy of the object to modify, use the Get-ADOrganizationalUnit object. When you specify the Instance parameter you should not pass the Identity parameter. For more information about the Instance parameter, see the Instance parameter description. </maml:para><maml:para>For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADOrganizationalUnit</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the organizational unit's street address. This parameter sets the StreetAddress property of an organizational unit object. The LDAP display name (ldapDisplayName) of this property is street.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADOrganizationalUnit</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an organizational unit object to use to update the actual Active Directory organizational unit object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update organizational unit objects that have been retrieved by using the Get-ADOrganizationalUnit cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue><dev:type><maml:name>ADOrganizationalUnit</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of an organizational unit object to use to update the actual Active Directory organizational unit object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update organizational unit objects that have been retrieved by using the Get-ADOrganizationalUnit cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADOrganizationalUnit</command:parameterValue><dev:type><maml:name>ADOrganizationalUnit</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the organizational unit's street address. This parameter sets the StreetAddress property of an organizational unit object. The LDAP display name (ldapDisplayName) of this property is street.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An organizational unit object is received by the Identity parameter. </maml:para><maml:para>An organizational unit object that was retrieved by using the Get-ADOrganizationalUnit cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified organizational unit object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=FABRIKAM,DC=COM" -Description "This Organizational Unit holds all of the users accounts of FABRIKAM.COM" </dev:code><dev:remarks><maml:para>This command sets the description of the OrganizationalUnit with distinguished name OU=UserAccounts,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $false </dev:code><dev:remarks><maml:para>This command sets the ProtectedFromAccidentalDeletion property to $False on the OrganizationalUnit with distinguished name OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADOrganizationalUnit -Identity "OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM" -Country "AU" -StreetAddress "45 Martens Place" -City Balmoral -State QLD -PostalCode 4171 -Replace @{co="Australia"} </dev:code><dev:remarks><maml:para>This command sets the Country, City and State, PostalCode, and Country properties on the OrganizationalUnit OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$EuropeSalesOU = Get-ADOrganizationalUnit -Identity "OU=Europe,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM" $EuropeSalesOU.Country = "UK" $EuropeSalesOU.StreetAddress = "22 Station Rd" $EuropeSalesOU.City = "QUARRINGTON" $EuropeSalesOU.PostalCode = "NG34 0NI" $EuropeSalesOU.co ="United Kingdom" Set-ADOrganizationalUnit -Instance $EuropeSalesOU </dev:code><dev:remarks><maml:para>This command creates a new organizational unit using the OrganizationalUnit OU=Europe,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM as a template.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADOrganizationalUnit -Identity "OU=Managed,DC=AppNC" -Server "FABRIKAM-SRV1:60000" -Country "UK" </dev:code><dev:remarks><maml:para>This command sets the Country property of the OrganizationalUnit OU=Managed,DC=AppNC in an AD LDS instance.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADOrganizationalUnit -Identity ""AccountingDepartment"" | Set-ADOrganizationalUnit -ManagedBy "PattiFullerGroup" </dev:code><dev:remarks><maml:para>This command modifies the ManagedBy property for the SecurityLevel2AccessGroup object. The command uses the Get-ADOrganizationalUnit cmdlet to get the AccountingDepartment organizational unit, and then passes the object to the current cmdlet by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$OrganizationalUnit = Get-ADOrganizationalUnit -Identity "AccountingDepartment" PS C:\> $OrganizationalUnit.ManagedBy = "PattiFullerGroup" PS C:\> Set-ADOrganizationalUnit -Instance $OrganizationalUnit </dev:code><dev:remarks><maml:para>This example modifies the ManagedBy property for the AccountingDepartment organizational unit. The example modifies a local instance of the AccountingDepartment organizational unit and then specifies the Instance parameter for the current cmdlet as the local instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291123</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADOrganizationalUnit</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADReplicationConnection</command:name><maml:description><maml:para>Sets properties on Active Directory replication connections.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADReplicationConnection</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADReplicationConnection cmdlet sets properties on Active Directory replication connections. Connections are used to enable domain controllers to replicate with each other. A connection defines a one-way, inbound route from one domain controller, the source, to another domain controller, the destination. The Kerberos consistency checker (KCC) reuses existing connections where it can, deletes unused connections, and creates new connections if none exist that meet the current need. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADReplicationConnection</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationConnection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is:</maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicateFromDirectoryServer</maml:name><maml:description><maml:para>Specifies the domain controller to use as a source for this replication connection. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the schedule on which the source server is available for replication. </maml:para><maml:para>Replication occurs at intervals that administrators can schedule so that use of expensive WAN links is managed. Use this parameter to specify the replication intervals. For more information on how replication topology works, see <maml:navigationLink><maml:linkText>How Active Directory Replication Topology Works</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=223932) on TechNet. </maml:para><maml:para>To specify the replication schedule, </maml:para><maml:para>1. Create a new Active Directory schedule object. </maml:para><maml:para>Example: </maml:para><maml:para>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule; </maml:para><maml:para>2. Edit the schedule on the Active Directory schedule object. </maml:para><maml:para>Example: </maml:para><maml:para>$schedule.ResetSchedule(); </maml:para><maml:para>$schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty"); </maml:para><maml:para>3. Using the Active Directory schedule object, set the replication schedule of the connection </maml:para><maml:para>Set-ADReplicationConnection "5f98e288-19e0-47a0-9677-57f05ed54f6b" -ReplicationSchedule $schedule </maml:para><maml:para>For more information on the ActiveDirectorySchedule class, see <maml:navigationLink><maml:linkText>ActiveDirectorySchedule Class</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=223933) on the Microsoft Developer Network. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADReplicationConnection</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object.</maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationConnection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is:</maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationConnection</command:parameterValue><dev:type><maml:name>ADReplicationConnection</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of an Active Directory object to use as a template for a new Active Directory object.</maml:para><maml:para>You can use an instance of an existing Active Directory object as a template or you can construct a new Active Directory object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing Active Directory object as a template for a new object. To retrieve an instance of an existing Active Directory object, use a cmdlet such as Get-ADObject. Then provide this object to the Instance parameter of the New-ADObject cmdlet to create a new Active Directory object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADObject and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADObject cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationConnection</command:parameterValue><dev:type><maml:name>ADReplicationConnection</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicateFromDirectoryServer</maml:name><maml:description><maml:para>Specifies the domain controller to use as a source for this replication connection. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue><dev:type><maml:name>ADDirectoryServer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the schedule on which the source server is available for replication. </maml:para><maml:para>Replication occurs at intervals that administrators can schedule so that use of expensive WAN links is managed. Use this parameter to specify the replication intervals. For more information on how replication topology works, see <maml:navigationLink><maml:linkText>How Active Directory Replication Topology Works</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=223932) on TechNet. </maml:para><maml:para>To specify the replication schedule, </maml:para><maml:para>1. Create a new Active Directory schedule object. </maml:para><maml:para>Example: </maml:para><maml:para>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule; </maml:para><maml:para>2. Edit the schedule on the Active Directory schedule object. </maml:para><maml:para>Example: </maml:para><maml:para>$schedule.ResetSchedule(); </maml:para><maml:para>$schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty"); </maml:para><maml:para>3. Using the Active Directory schedule object, set the replication schedule of the connection </maml:para><maml:para>Set-ADReplicationConnection "5f98e288-19e0-47a0-9677-57f05ed54f6b" -ReplicationSchedule $schedule </maml:para><maml:para>For more information on the ActiveDirectorySchedule class, see <maml:navigationLink><maml:linkText>ActiveDirectorySchedule Class</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=223933) on the Microsoft Developer Network. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue><dev:type><maml:name>ActiveDirectorySchedule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationConnection</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A connection object is received by the Identity parameter. </maml:para><maml:para>A connection object that was retrieved by using the Get-ADReplicationConnection cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationConnection</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADReplicationConnection -Identity "5f98e288-19e0-47a0-9677-57f05ed54f6b" -ReplicateFromDirectoryServer corp-DC01 </dev:code><dev:remarks><maml:para>This command sets the replication connection with name 5f98e288-19e0-47a0-9677-57f05ed54f6b to replicate from corp-DC01. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule PS C:\> $schedule.ResetSchedule() PS C:\> $schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") PS C:\> Get-ADReplicationConnection -Filter {ReplicateFromDirectoryServer -eq "corp-DC01"} -Properties ReplicationSchedule | % {Set-ADReplicationConnection $_ - ReplicationSchedule $schedule} </dev:code><dev:remarks><maml:para>This example gets all the replication connections in the directory that replicate from corp-DC01, and then sets the daily replication schedule on these connection objects.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291124</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationConnection</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADReplicationSite</command:name><maml:description><maml:para>Sets the replication properties for an Active Directory site.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADReplicationSite</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADReplicationSite cmdlet is used to set the properties for an Active Directory site that is being used for replication. Sites are used in Active Directory to either enable clients to discover network resources (published shares, domain controllers) close to the physical location of a client computer or to reduce network traffic over wide area network (WAN) links. Sites can also be used to optimize replication between domain controllers. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADReplicationSite</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}</maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AutomaticInterSiteTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet prevents the KCC that functions as the intersite topology generator (ISTG) from generating connections for intersite replication. Use this option when you want to create manual intersite connections (disable the ISTG) but retain the KCC to generate intrasite connections. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AutomaticTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether to enable automatic topology generation. When enabled, prevents the KCC from generating intrasite connections on all servers in the site. Disable this option if you use manual connections and do not want the KCC to build connections automatically.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>InterSiteTopologyGenerator</maml:name><maml:description><maml:para>Specifies the server acting as the inter-site topology generator for this site.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName) Note: The identifier in parentheses is the LDAP display name for the property.</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RedundantServerTopologyEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet creates redundant connections between sites before a failure takes place. When enabled, disables KCC failover. Requires that automatic detection of failed connections also be disabled (+IS_TOPL_DETECT_STALE_DISABLED). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for connections within this site (intra-site replication). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ScheduleHashingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet spreads replication start times randomly across the entire schedule interval rather than just the first quarter of the interval.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TopologyCleanupEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology cleanup. When enabled, this optional parameter prevents the Kerberos consistency checker (KCC) from removing connection objects that it does not need. Disable this option if you want to take responsibility for removing old redundant connections. Alternatively, to control or augment the topology, you can use manual connections, which the KCC does not delete.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TopologyDetectStaleEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology detect stale. This parameter option prevents the Kerberos consistency checker (KCC) from excluding servers that are unreachable from the topology; that is, the KCC does use an alternate server to reroute replication. Use this option only if network communication is very unstable and brief outages are expected.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TopologyMinimumHopsEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology minimium hops. When enabled, this parameter prevents the Kerberos consistency checker (KCC) from generating optimizing connections in the ring topology of intrasite replication. Optimizing connections reduce the replication latency in the site and disabling them is not recommended. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UniversalGroupCachingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables universal group caching. If this parameter is true, it indicates this site caches universal groups, which are those groups cached on global catalog (GC) servers. It can be useful in sites with no GC servers available locally.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UniversalGroupCachingRefreshSite</maml:name><maml:description><maml:para>Specifies the name of a site. If universal group caching is enabled, this parameter sets the name of the site from which the cache is pulled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2000BridgeheadSelectionMethodEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet implements the Windows 2000 Server method of selecting a single bridgehead server per directory partition and transport.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2000KCCISTGSelectionBehaviorEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet implements the Windows 2000 Server method of Intersite Topology Generator (ISTG) selection. By default, it is disabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2003KCCBehaviorEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet implements Kerberos consistency checker (KCC) operation that is consistent with Windows Server 2003 forest functional level. This option can be set if all domain controllers in the site are running Windows Server 2003.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2003KCCIgnoreScheduleEnabled</maml:name><maml:description><maml:para>Indicates whether to ignore schedules. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to ignore schedules (replication occurs at the designated intervals and is always available). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2003KCCSiteLinkBridgingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables site link bridging. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides Kerberos consistency checker (KCC) control of the ability to enable or disable site link bridging. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADReplicationSite</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site object to use as a template for a new site object. </maml:para><maml:para>You can use an instance of an existing site object as a template or you can construct a new site object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site object as a template for a new object. To retrieve an instance of an existing site object, use a cmdlet such as Get-ADReplicationSite. Then provide this object to the Instance parameter of the New-ADReplicationSite cmdlet to create a new site object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSite and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSite cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}</maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AutomaticInterSiteTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet prevents the KCC that functions as the intersite topology generator (ISTG) from generating connections for intersite replication. Use this option when you want to create manual intersite connections (disable the ISTG) but retain the KCC to generate intrasite connections. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AutomaticTopologyGenerationEnabled</maml:name><maml:description><maml:para>Indicates whether to enable automatic topology generation. When enabled, prevents the KCC from generating intrasite connections on all servers in the site. Disable this option if you use manual connections and do not want the KCC to build connections automatically.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site object to use as a template for a new site object. </maml:para><maml:para>You can use an instance of an existing site object as a template or you can construct a new site object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site object as a template for a new object. To retrieve an instance of an existing site object, use a cmdlet such as Get-ADReplicationSite. Then provide this object to the Instance parameter of the New-ADReplicationSite cmdlet to create a new site object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSite and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSite cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>InterSiteTopologyGenerator</maml:name><maml:description><maml:para>Specifies the server acting as the inter-site topology generator for this site.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADDirectoryServer</command:parameterValue><dev:type><maml:name>ADDirectoryServer</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ManagedBy</maml:name><maml:description><maml:para>Specifies the user or group that manages the object by providing one of the following property values: -- Distinguished Name -- GUID (objectGUID) -- Security Identifier (objectSid) -- SAM Account Name (sAMAccountName) Note: The identifier in parentheses is the LDAP display name for the property.</maml:para><maml:para>This parameter sets the Active Directory attribute with an LDAP Display Name of managedBy.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADPrincipal</command:parameterValue><dev:type><maml:name>ADPrincipal</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>RedundantServerTopologyEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet creates redundant connections between sites before a failure takes place. When enabled, disables KCC failover. Requires that automatic detection of failed connections also be disabled (+IS_TOPL_DETECT_STALE_DISABLED). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for connections within this site (intra-site replication). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue><dev:type><maml:name>ActiveDirectorySchedule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ScheduleHashingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet spreads replication start times randomly across the entire schedule interval rather than just the first quarter of the interval.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TopologyCleanupEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology cleanup. When enabled, this optional parameter prevents the Kerberos consistency checker (KCC) from removing connection objects that it does not need. Disable this option if you want to take responsibility for removing old redundant connections. Alternatively, to control or augment the topology, you can use manual connections, which the KCC does not delete.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TopologyDetectStaleEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology detect stale. This parameter option prevents the Kerberos consistency checker (KCC) from excluding servers that are unreachable from the topology; that is, the KCC does use an alternate server to reroute replication. Use this option only if network communication is very unstable and brief outages are expected.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TopologyMinimumHopsEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables topology minimium hops. When enabled, this parameter prevents the Kerberos consistency checker (KCC) from generating optimizing connections in the ring topology of intrasite replication. Optimizing connections reduce the replication latency in the site and disabling them is not recommended. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UniversalGroupCachingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables universal group caching. If this parameter is true, it indicates this site caches universal groups, which are those groups cached on global catalog (GC) servers. It can be useful in sites with no GC servers available locally.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UniversalGroupCachingRefreshSite</maml:name><maml:description><maml:para>Specifies the name of a site. If universal group caching is enabled, this parameter sets the name of the site from which the cache is pulled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2000BridgeheadSelectionMethodEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet implements the Windows 2000 Server method of selecting a single bridgehead server per directory partition and transport.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2000KCCISTGSelectionBehaviorEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet implements the Windows 2000 Server method of Intersite Topology Generator (ISTG) selection. By default, it is disabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2003KCCBehaviorEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet implements Kerberos consistency checker (KCC) operation that is consistent with Windows Server 2003 forest functional level. This option can be set if all domain controllers in the site are running Windows Server 2003.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2003KCCIgnoreScheduleEnabled</maml:name><maml:description><maml:para>Indicates whether to ignore schedules. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides KCC control of the ability to ignore schedules (replication occurs at the designated intervals and is always available). </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>WindowsServer2003KCCSiteLinkBridgingEnabled</maml:name><maml:description><maml:para>Indicates whether the cmdlet enables site link bridging. When the forest functional level Windows Server 2003 or Windows Server 2003 interim is in effect, provides Kerberos consistency checker (KCC) control of the ability to enable or disable site link bridging. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site object is received by the Identity parameter.</maml:para><maml:para>A site object that was retrieved by using the Get-ADReplicationSite cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSite</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADReplicationSite -Identity NorthAmerica -InterSiteTopologyGenerator corp-DC02 -AutomaticInterSiteTopologyGenerationEnabled $False </dev:code><dev:remarks><maml:para>The command sets the properties of the site with name NorthAmerica to prevent its intersite topology generator (ISTG) at corp-DC02 from generating connections for intersite replication. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSite -Filter * | % {Set-ADReplicationSite $_ -ScheduleHashingEnabled $True} </dev:code><dev:remarks><maml:para>This command returns all the sites in the directory and sets the ScheduleHashingEnabled property to spread replication start times randomly across the entire schedule interval rather than just the first quarter of the interval. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule PS C:\> $schedule.ResetSchedule() PS C:\> $schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") PS C:\> Set-ADReplicationSite -Identity "Asia" -ReplicationSchedule $schedule </dev:code><dev:remarks><maml:para>This example sets the daily replication schedule of the site with name Asia.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291125</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSite</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADReplicationSiteLink</command:name><maml:description><maml:para>Sets the properties for an Active Directory site link.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADReplicationSiteLink</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADReplicationSiteLink cmdlet can be used to set properties on an Active Directory site link. A site link connects two or more sites. Site links reflect the administrative policy for how sites are to be interconnected and the methods used to transfer replication traffic. You must connect sites with site links so that domain controllers at each site can replicate Active Directory changes. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADReplicationSiteLink</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Cost</maml:name><maml:description><maml:para>Specifies the cost to be placed on the site link. For more information on determining the cost, see <maml:navigationLink><maml:linkText>Determining the Cost</maml:linkText><maml:uri></maml:uri></maml:navigationLink> in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221871. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationFrequencyInMinutes</maml:name><maml:description><maml:para>Species the frequency, in minutes, for which replication will occur where this site link is in use between sites. Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can adjust this frequency to match your specific needs. Be aware that increasing this frequency increases the amount of bandwidth used by replication. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for any connections within this site link (intra-site replication). This allows you to schedule the availability of site links for use by replication. By default, a site link is available to carry replication traffic 24 hours a day, 7 days a week. You can limit this schedule to specific days of the week and times of day. You can, for example, schedule intersite replication so that it only occurs after normal business hours. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SitesIncluded</maml:name><maml:description><maml:para>Specifies the list of sites included in the site link. For Set-ADReplicationSiteLink operations, you can add or include new sites within an existing site link by specifying them using this parameter. You do not have to specify all previously listed sites already within this link. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADReplicationSiteLink</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link object to use as a template for a new site link object.</maml:para><maml:para>You can use an instance of an existing site link object as a template or you can construct a new site link object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link object as a template for a new object. To retrieve an instance of an existing site link object, use a cmdlet such as Get-ADReplicationSiteLink. Then provide this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create a new site link object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSiteLink and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Cost</maml:name><maml:description><maml:para>Specifies the cost to be placed on the site link. For more information on determining the cost, see <maml:navigationLink><maml:linkText>Determining the Cost</maml:linkText><maml:uri></maml:uri></maml:navigationLink> in the TechNet Library: http://go.microsoft.com/fwlink/?LinkId=221871. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue><dev:type><maml:name>ADReplicationSiteLink</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link object to use as a template for a new site link object.</maml:para><maml:para>You can use an instance of an existing site link object as a template or you can construct a new site link object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link object as a template for a new object. To retrieve an instance of an existing site link object, use a cmdlet such as Get-ADReplicationSiteLink. Then provide this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create a new site link object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSiteLink and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLink cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLink</command:parameterValue><dev:type><maml:name>ADReplicationSiteLink</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationFrequencyInMinutes</maml:name><maml:description><maml:para>Species the frequency, in minutes, for which replication will occur where this site link is in use between sites. Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can adjust this frequency to match your specific needs. Be aware that increasing this frequency increases the amount of bandwidth used by replication. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ReplicationSchedule</maml:name><maml:description><maml:para>Specifies the default replication schedule for any connections within this site link (intra-site replication). This allows you to schedule the availability of site links for use by replication. By default, a site link is available to carry replication traffic 24 hours a day, 7 days a week. You can limit this schedule to specific days of the week and times of day. You can, for example, schedule intersite replication so that it only occurs after normal business hours. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ActiveDirectorySchedule</command:parameterValue><dev:type><maml:name>ActiveDirectorySchedule</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SitesIncluded</maml:name><maml:description><maml:para>Specifies the list of sites included in the site link. For Set-ADReplicationSiteLink operations, you can add or include new sites within an existing site link by specifying them using this parameter. You do not have to specify all previously listed sites already within this link. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link object is received by the Identity parameter. </maml:para><maml:para>A site link object that was retrieved by using the Get-ADReplicationSiteLink cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLink</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADReplicationSiteLink -Identity "Europe-Asia" -SitesIncluded @{Add="Asia2";Remove="Asia"} </dev:code><dev:remarks><maml:para>This command adds site Asia2 to the site link Europe-Asia, and removes site Asia. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLink -Filter {ReplicationFrequencyInMinutes -ge 60} -Properties Cost | % {Set-ADReplicationSiteLink $_ -Cost 200} </dev:code><dev:remarks><maml:para>This command gets all the site links in the directory with replication frequency greater than or equal to 60 minutes, and then sets the Cost property on these site link objects to 200. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code> PS C:\>$schedule = New-Object -TypeName System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule PS C:\> $schedule.ResetSchedule() PS C:\> $schedule.SetDailySchedule("Twenty","Zero","TwentyTwo","Thirty") PS C:\> Set-ADReplicationSiteLink -Identity "NorthAmerica-SouthAmerica" -ReplicationSchedule $schedule </dev:code><dev:remarks><maml:para>This command sets the daily replication schedule of the site link with name NorthAmerica-SouthAmerica. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADReplicationSiteLink -Identity "Europe-Asia" -Replace @{'options'=1} </dev:code><dev:remarks><maml:para>This command enables change notification on the site link with name Europe-Asia. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291126</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSiteLink</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADReplicationSiteLinkBridge</command:name><maml:description><maml:para>Sets the properties of a replication site link bridge in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADReplicationSiteLinkBridge</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADReplicationSiteLinkBridge cmdlet sets the properties for a replication site link bridge in Active Directory. A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADReplicationSiteLinkBridge</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteLinksIncluded</maml:name><maml:description><maml:para>Specifies the list of site links that are included in this site link bridge. Accepted values for this parameter are the distinguished name (DN), a GUID, or the name of a site link.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADReplicationSiteLinkBridge</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link bridge object to use as a template for a new site link bridge object. </maml:para><maml:para>You can use an instance of an existing site link bridge object as a template or you can construct a new site link bridge object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link bridge object as a template for a new object. To retrieve an instance of an existing site link bridge object, use a cmdlet such as Get-ADReplicationSiteLinkBridge. Then provide this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create a new site link bridge object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSiteLinkBridge and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue><dev:type><maml:name>ADReplicationSiteLinkBridge</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a site link bridge object to use as a template for a new site link bridge object. </maml:para><maml:para>You can use an instance of an existing site link bridge object as a template or you can construct a new site link bridge object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing site link bridge object as a template for a new object. To retrieve an instance of an existing site link bridge object, use a cmdlet such as Get-ADReplicationSiteLinkBridge. Then provide this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create a new site link bridge object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSiteLinkBridge and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSiteLinkBridge cmdlet to create the new Active Directory object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSiteLinkBridge</command:parameterValue><dev:type><maml:name>ADReplicationSiteLinkBridge</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SiteLinksIncluded</maml:name><maml:description><maml:para>Specifies the list of site links that are included in this site link bridge. Accepted values for this parameter are the distinguished name (DN), a GUID, or the name of a site link.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A site link bridge object is received by the Identity parameter. </maml:para><maml:para>A site link bridge object that was retrieved by using the Get-ADReplicationSiteLinkBridge cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSiteLinkBridge</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADReplicationSiteLinkBridge -Identity "NorthAmerica-Asia" -SiteLinksIncluded @{Add='NorthAmerica-Europe2','Europe2-Asia';Remove='NorthAmerica-Europe','Europe-Asia'} </dev:code><dev:remarks><maml:para>This command updates the site link bridge NorthAmerica-Asia to use Europe2 instead of Europe. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSiteLinkBridge -Filter {SiteLinksIncluded -eq "NorthAmerica-Europe" -and SiteLinksIncluded -eq "Europe-Asia"} -Properties SiteLinksIncluded | % {Set-ADReplicationSiteLinkBridge $_ -SiteLinksIncluded @{Add='NorthAmerica-Europe2','Europe2-Asia';Remove='NorthAmerica-Europe','Europe-Asia'}} </dev:code><dev:remarks><maml:para>This command gets all the site link bridges in the directory that includes site links NorthAmerica-Europe and Europe-Asia, and then updates the site link bridge objects to use Europe2 instead of Europe. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291127</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSiteLinkBridge</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADReplicationSubnet</command:name><maml:description><maml:para>Sets the properties of an Active Directory replication subnet object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADReplicationSubnet</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADReplicationSubnet cmdlet sets the properties of an Active Directory replication subnet object. Subnet objects (class subnet) define network subnets in Active Directory. A network subnet is a segment of a TCP/IP network to which a set of logical IP addresses is assigned. Subnets group computers in a way that identifies their physical proximity on the network. Subnet objects in Active Directory are used to map computers to sites. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADReplicationSubnet</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies a string that can be used to describe the physical location of this subnet. This value may be displayed or made visible when the subnet object appears in other Active Directory administrative tools. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Site</maml:name><maml:description><maml:para>Specifies the site associated with this subnet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADReplicationSubnet</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a subnet object to use as a template for a new subnet object.</maml:para><maml:para>You can use an instance of an existing subnet object as a template or you can construct a new subnet object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing subnet object as a template for a new object. To retrieve an instance of an existing subnet object, use a cmdlet such as Get-ADReplicationSubnet. Then provide this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create a new subnet object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSubnet and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create the new subnet object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue><dev:type><maml:name>ADReplicationSubnet</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a subnet object to use as a template for a new subnet object.</maml:para><maml:para>You can use an instance of an existing subnet object as a template or you can construct a new subnet object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing subnet object as a template for a new object. To retrieve an instance of an existing subnet object, use a cmdlet such as Get-ADReplicationSubnet. Then provide this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create a new subnet object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADReplicationSubnet and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADReplicationSubnet cmdlet to create the new subnet object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSubnet</command:parameterValue><dev:type><maml:name>ADReplicationSubnet</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Location</maml:name><maml:description><maml:para>Specifies a string that can be used to describe the physical location of this subnet. This value may be displayed or made visible when the subnet object appears in other Active Directory administrative tools. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Site</maml:name><maml:description><maml:para>Specifies the site associated with this subnet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADReplicationSite</command:parameterValue><dev:type><maml:name>ADReplicationSite</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A subnet object is received by the Identity parameter.</maml:para><maml:para>A subnet object that was retrieved by using the Get-ADReplicationSubnet cmdlet and then modified is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADReplicationSubnet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADReplicationSubnet -Identity "10.0.0.12/22" -Site Asia -Location "Tokyo,Japan" </dev:code><dev:remarks><maml:para>This command sets the properties of the subnet named 10.0.0.12/22.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADReplicationSubnet -Filter {Location -like "*Japan"} -Properties Site | % {Set-ADReplicationSubnet $_ -Site Asia} </dev:code><dev:remarks><maml:para>This command gets all the subnets in the directory that are in Japan, and set Asia as their associated site.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291128</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADReplicationSubnet</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADResourceProperty</command:name><maml:description><maml:para>Modifies a resource property in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADResourceProperty</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADResourceProperty cmdlet can be used to modify a resource property in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADResourceProperty</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToResourceTypes</maml:name><maml:description><maml:para>Specifies the list of resource types that this property applies to. For Set-ADResourceProperty operations, you can add or include new resource types within an existing property by specifying them using this parameter. You do not have to specify all previously listed resource types already within this property. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Displays the name of the resource property. The display name of the resource property must be unique. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the resource property is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SharesValuesWith</maml:name><maml:description><maml:para>Specifies a reference resource property. Reference resource properties do not provide their own suggested values, but rather use the suggested values from the claim type object specified in this parameter. This enables the resource property to be always valid for comparisons with the referred claim type in a central access rule.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the resource property. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADResourceProperty</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a resource property object to use as a template for a new resource property object.</maml:para><maml:para>You can use an instance of an existing resource property object as a template or you can construct a new resource property object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property object as a template for a new object. To retrieve an instance of an existing resource property object, use a cmdlet such as Get-ADResourceProperty. Then provide this object to the Instance parameter of the New-ADResourceProperty cmdlet to create a new resource property object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADResourceProperty and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourceProperty cmdlet to create the new resource property object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppliesToResourceTypes</maml:name><maml:description><maml:para>Specifies the list of resource types that this property applies to. For Set-ADResourceProperty operations, you can add or include new resource types within an existing property by specifying them using this parameter. You do not have to specify all previously listed resource types already within this property. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Displays the name of the resource property. The display name of the resource property must be unique. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies whether the resource property is enabled. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue><dev:type><maml:name>ADResourceProperty</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a resource property object to use as a template for a new resource property object.</maml:para><maml:para>You can use an instance of an existing resource property object as a template or you can construct a new resource property object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property object as a template for a new object. To retrieve an instance of an existing resource property object, use a cmdlet such as Get-ADResourceProperty. Then provide this object to the Instance parameter of the New-ADResourceProperty cmdlet to create a new resource property object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADResourceProperty and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourceProperty cmdlet to create the new resource property object. </maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourceProperty</command:parameterValue><dev:type><maml:name>ADResourceProperty</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to $True, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SharesValuesWith</maml:name><maml:description><maml:para>Specifies a reference resource property. Reference resource properties do not provide their own suggested values, but rather use the suggested values from the claim type object specified in this parameter. This enables the resource property to be always valid for comparisons with the referred claim type in a central access rule.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADClaimType</command:parameterValue><dev:type><maml:name>ADClaimType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SuggestedValues</maml:name><maml:description><maml:para>Specifies one or more suggested values for the resource property. An application may choose to present this list of suggested values for the user to choose from. When RestrictValues is set to $True, the application should restrict the user to pick values from this list only. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADSuggestedValueEntry[]</command:parameterValue><dev:type><maml:name>ADSuggestedValueEntry[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADResourceProperty</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$us = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("US", "United States of America", "United States of America") PS C:\> $jp = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry("JP", "Japan", "Japan") PS C:\> Set-ADResourceProperty -Identity Country -SuggestedValues $us,$jp </dev:code><dev:remarks><maml:para>This example sets the suggested values of the resource property with display name Country to US and JP. Applications using this resource property would allow their users to specify one of the suggested values as this resource property's value.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADResourceProperty -Identity Country -SharesValuesWith Country </dev:code><dev:remarks><maml:para>This command sets the resource property with display name Country to reference an existing claim type named Country for its suggested values. This enables the resource property to be always valid for comparisons with the referenced claim type in a central access rule.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291129</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADResourcePropertyList</command:name><maml:description><maml:para>Modifies a resource property list in Active Directory. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADResourcePropertyList</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADResourcePropertyList cmdlet can be used to modify a resource property list in Active Directory. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADResourcePropertyList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADResourcePropertyList</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a resource property list object to use as a template for a new resource property list object. </maml:para><maml:para>You can use an instance of an existing resource property list object as a template or you can construct a resource property list object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property list object as a template for a new object. To retrieve an instance of an existing resource property list object, use a cmdlet such as Get-ADResourcePropertyList. Then provide this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create a new resource property list object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADResourcePropertyList and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create the new resource property list object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon.. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an instance of a resource property list object to use as a template for a new resource property list object. </maml:para><maml:para>You can use an instance of an existing resource property list object as a template or you can construct a resource property list object by using the Windows PowerShell command line or by using a script. </maml:para><maml:para>Method 1: Use an existing resource property list object as a template for a new object. To retrieve an instance of an existing resource property list object, use a cmdlet such as Get-ADResourcePropertyList. Then provide this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create a new resource property list object. You can override property values of the new object by setting the appropriate parameters. </maml:para><maml:para>Method 2: Create a new ADResourcePropertyList and set the property values by using the Windows PowerShell command line interface. Then pass this object to the Instance parameter of the New-ADResourcePropertyList cmdlet to create the new resource property list object.</maml:para><maml:para>Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADResourcePropertyList</command:parameterValue><dev:type><maml:name>ADResourcePropertyList</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProtectedFromAccidentalDeletion</maml:name><maml:description><maml:para>Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTypeList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADClaimTypeList</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADResourcePropertyList -Identity "Corporate Resource Property List" -Description "For corporate documents." </dev:code><dev:remarks><maml:para>This command sets the resource property list named Corporate Resource Property List with the description For corporate documents. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADResourcePropertyList -Name "Corporate Resource Property List" | Set-ADResourcePropertyList -Description "For corporate documents." </dev:code><dev:remarks><maml:para>This command gets the resource property list named Corporate Resource Property List and then sets its description to For corporate documents. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291130</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADServiceAccount</command:name><maml:description><maml:para>Modifies an Active Directory managed service account or group managed service account object.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADServiceAccount cmdlet modifies the properties of an Active Directory managed service account (MSA). You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove parameters.</maml:para><maml:para>The Identity parameter specifies the Active Directory MSA to modify. You can identify an MSA by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localServiceAccountObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADServiceAccount cmdlet to retrieve a MSA object and then pass the object through the pipeline to the Set-ADServiceAccount cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update an MSA object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory MSA object that has been modified, the Set-ADServiceAccount cmdlet makes the same changes to the original MSA object. To get a copy of the object to modify, use the Get-ADServiceAccount object. When you specify the Instance parameter you should not pass the Identity parameter. For more information about the Instance parameter, see the Instance parameter description.</maml:para><maml:para>For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires. </maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is:</maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}</maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP display name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-Certificates @{Remove=value3,value4,...}</maml:para><maml:para>To replace values:</maml:para><maml:para>-Certificates @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-Certificates $Null</maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values:</maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. </maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the DNS host name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this Managed Service Account or Group Managed Service Account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToRetrieveManagedPassword</maml:name><maml:description><maml:para>Specifies the membership policy for systems which can use a group managed service account. For a service to run under a group managed service account, the system must be in the membership policy of the account. This parameter sets the msDS-GroupMSAMembership attribute of a group managed service account object. This parameter should be set to the principals allowed to use this group managed service account. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values. </maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values:</maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-ServicePrincipalNames $Null</maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADServiceAccount</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a service account object to use to update the actual Active Directory service account object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update service account objects that have been retrieved by using the Get-ADServiceAccount cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires. </maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Indicates whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is:</maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...}</maml:para><maml:para>When you use the Add, Remove, Replace and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP display name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-Certificates @{Remove=value3,value4,...}</maml:para><maml:para>To replace values:</maml:para><maml:para>-Certificates @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-Certificates $Null</maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values:</maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Indicates whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. </maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DNSHostName</maml:name><maml:description><maml:para>Specifies the DNS host name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies a modified copy of a service account object to use to update the actual Active Directory service account object. When this parameter is used, any modifications made to the modified copy of the object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The Instance parameter can only update service account objects that have been retrieved by using the Get-ADServiceAccount cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set properties on the object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256</maml:para><maml:para>None will remove all encryption types from the account may result in the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADKerberosEncryptionType</command:parameterValue><dev:type><maml:name>ADKerberosEncryptionType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies the accounts which can act on the behalf of users to services running as this Managed Service Account or Group Managed Service Account. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToRetrieveManagedPassword</maml:name><maml:description><maml:para>Specifies the membership policy for systems which can use a group managed service account. For a service to run under a group managed service account, the system must be in the membership policy of the account. This parameter sets the msDS-GroupMSAMembership attribute of a group managed service account object. This parameter should be set to the principals allowed to use this group managed service account. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is:</maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is:</maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.</maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Domain name values: -- Fully qualified domain name (FQDN) -- NetBIOS name</maml:para><maml:para>Directory server values: -- Fully qualified directory server name -- NetBIOS name -- Fully qualified directory server name and port</maml:para><maml:para>The default value for the Server parameter is determined by one of the following methods in the order that they are listed: -- By using Server value from objects passed through the pipeline. -- By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive. -- By using the domain of the computer running PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values. </maml:para><maml:para>Syntax:</maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...}</maml:para><maml:para>To remove values:</maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values:</maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...}</maml:para><maml:para>To clear all values:</maml:para><maml:para>-ServicePrincipalNames $Null</maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter. </maml:para><maml:para>A managed service account object that was retrieved by using the Get-ADServiceAccount cmdlet and then modified is received by the Instance parameter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified managed service account object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADServiceAccount -Identity service1 -Description "Secretive Data Server" </dev:code><dev:remarks><maml:para>This command sets the description of Managed Service Account service1 to Secretive Data Server. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADServiceAccount -Identity Mongol01ADAM -ServicePrincipalNames @{replace="ADAMwdb/a.contoso.com", "ADAMbdb/a.contoso.com"} </dev:code><dev:remarks><maml:para>This command replaces the value of property ServicePrincipalNames with ADAMwdb/a.contoso.com, ADAMbdb/a.contoso.com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADServiceAccount -Identity service1 -PrincipalsAllowedToRetrieveManagedPassword "MsaAdmins.corp.contoso.com" </dev:code><dev:remarks><maml:para>This command sets the principals allowed to retrieve the password for this managed service account to be limited to only members of the specified Active Directory group account. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADServiceAccount -Identity AccessTSQA -ServicePrincipalNames @{Add=ACCESSAPP/TSQA.contoso.com} </dev:code><dev:remarks><maml:para>This command modifies the ServicePrincipalNames property for the AccessTSQA MSA by specifying the Identity and ServicePrincipalNames parameters.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADServiceAccount -Identity "AccessTSQA" | Set-ADServiceAccount -ServicePrincipalNames @{Add=ACCESSAPP/TSQA.contoso.com} </dev:code><dev:remarks><maml:para>This command modifies the ServicePrincipalNames property for the AccessTSQA MSA. The command uses the Get-ADServiceAccount cmdlet to get the AccessTSQA MSA, and then passes the AccessTSQA MSA to the current cmdlet by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$ServiceAccount = Get-ADServiceAccount -Identity "AccessTSQA" PS C:\> $ServiceAccount.ServicePrincipalNames = @{Add=ACCESSAPP/TSQA.contoso.com} PS C:\> Set-ADServiceAccount -Instance $ServiceAccount </dev:code><dev:remarks><maml:para>This example modifies the ServicePrincipalNames property for the AccessTSQA MSA. The example modifies a local instance of the AccessTSQA MSA, and then specifies the Instance parameter for the current cmdlet as the local instance. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291131</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Install-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Uninstall-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ADUser</command:name><maml:description><maml:para>Modifies an Active Directory user.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ADUser</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ADUser cmdlet modifies the properties of an Active Directory user. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear, and Remove parameters. </maml:para><maml:para>The Identity parameter specifies the Active Directory user to modify. You can identify a user by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an object variable such as $<localUserObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser cmdlet to retrieve a user object and then pass the object through the pipeline to the Set-ADUser cmdlet. </maml:para><maml:para>The Instance parameter provides a way to update a user object by applying the changes made to a copy of the object. When you set the Instance parameter to a copy of an Active Directory user object that has been modified, the Set-ADUser cmdlet makes the same changes to the original user object. To get a copy of the object to modify, use the Get-ADUser object. The Identity parameter is not allowed when you use the Instance parameter. For more information about the Instance parameter, see the Instance parameter description. For more information about how the Instance concept is used in Active Directory cmdlets, type Get-Help about_ActiveDirectory_Instance. </maml:para><maml:para>Accounts created with the New-ADUser cmdlet will be disabled if no password is provided. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except in the following two conditions: -- The cmdlet is run from an Active Directory provider drive. -- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ADUser</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires. </maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to $True, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Company</maml:name><maml:description><maml:para>Specifies the user's company. This parameter sets the Company property of a user object. The LDAP display name (ldapDisplayName) of this property is company.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Department</maml:name><maml:description><maml:para>Specifies the user's department. This parameter sets the Department property of a user. The LDAP Display Name (ldapDisplayName) of this property is department.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Division</maml:name><maml:description><maml:para>Specifies the user's division. This parameter sets the Division property of a user object. The LDAP Display Name (ldapDisplayName) of this property is division.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EmailAddress</maml:name><maml:description><maml:para>Specifies the user's e-mail address. This parameter sets the EmailAddress property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mail.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EmployeeID</maml:name><maml:description><maml:para>Specifies the user's employee ID. This parameter sets the EmployeeID property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeID.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EmployeeNumber</maml:name><maml:description><maml:para>Specifies the user's employee number. This parameter sets the EmployeeNumber property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Fax</maml:name><maml:description><maml:para>Specifies the user's fax phone number. This parameter sets the Fax property of a user object. The LDAP Display Name (ldapDisplayName) of this property is facsimileTelephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GivenName</maml:name><maml:description><maml:para>Specifies the user's given name. This parameter sets the GivenName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is givenName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomeDirectory</maml:name><maml:description><maml:para>Specifies a user's home directory. This parameter sets the HomeDirectory property of a user object. The LDAP Display Name (ldapDisplayName) for this property is homeDirectory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomeDrive</maml:name><maml:description><maml:para>Specifies a drive that is associated with the UNC path defined by the HomeDirectory property. The drive letter is specified as <DriveLetter>: where <DriveLetter> indicates the letter of the drive to associate. The <DriveLetter> must be a single, uppercase letter and the colon is required. This parameter sets the HomeDrive property of the user object. The LDAP Display Name (ldapDisplayName) for this property is homeDrive.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePhone</maml:name><maml:description><maml:para>Specifies the user's home telephone number. This parameter sets the HomePhone property of a user. The LDAP Display Name (ldapDisplayName) of this property is homePhone.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Initials</maml:name><maml:description><maml:para>Specifies the initials that represent part of a user's name. You can use this value for the user's middle initial. This parameter sets the Initials property of a user. The LDAP Display Name (ldapDisplayName) of this property is initials.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256 </maml:para><maml:para>None will remove all encryption types from the account resulting the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">None</command:parameterValue><command:parameterValue required="true" variableLength="false">DES</command:parameterValue><command:parameterValue required="true" variableLength="false">RC4</command:parameterValue><command:parameterValue required="true" variableLength="false">AES128</command:parameterValue><command:parameterValue required="true" variableLength="false">AES256</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LogonWorkstations</maml:name><maml:description><maml:para>Specifies the computers that the user can access. To specify more than one computer, create a single comma-separated list. You can identify a computer by using the Security Accounts Manager (SAM) account name (sAMAccountName) or the DNS host name of the computer. The SAM account name is the same as the NetBIOS name of the computer. </maml:para><maml:para>The LDAP display name (ldapDisplayName) for this property is "userWorkStations".</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Manager</maml:name><maml:description><maml:para>Specifies the user's manager. This parameter sets the Manager property of a user. This parameter is set by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The LDAP Display Name (ldapDisplayName) of this property is manager.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MobilePhone</maml:name><maml:description><maml:para>Specifies the user's mobile phone number. This parameter sets the MobilePhone property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mobile.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Office</maml:name><maml:description><maml:para>Specifies the location of the user's office or place of business. This parameter sets the Office property of a user object. The LDAP display name (ldapDisplayName) of this property is office.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OfficePhone</maml:name><maml:description><maml:para>Specifies the user's office telephone number. This parameter sets the OfficePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is telephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Organization</maml:name><maml:description><maml:para>Specifies the user's organization. This parameter sets the Organization property of a user object. The LDAP display name (ldapDisplayName) of this property is o.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherName</maml:name><maml:description><maml:para>Specifies a name in addition to a user's given name and surname, such as the user's middle name. This parameter sets the OtherName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is middleName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>POBox</maml:name><maml:description><maml:para>Specifies the user's post office box number. This parameter sets the POBox property of a user object. The LDAP Display Name (ldapDisplayName) of this property is postOfficeBox.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies an array of principal objects. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProfilePath</maml:name><maml:description><maml:para>Specifies a path to the user's profile. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ProfilePath property of the user object. The LDAP display name (ldapDisplayName) for this property is profilePath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName. </maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ScriptPath</maml:name><maml:description><maml:para>Specifies a path to the user's log on script. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ScriptPath property of the user. The LDAP display name (ldapDisplayName) for this property is scriptPath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values: </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SmartcardLogonRequired</maml:name><maml:description><maml:para>Specifies whether a smart card is required to logon. This parameter sets the SmartCardLoginRequired property for a user. This parameter also sets the ADS_UF_SMARTCARD_REQUIRED flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the user's street address. This parameter sets the StreetAddress property of a user object. The LDAP display name (ldapDisplayName) of this property is streetAddress.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Surname</maml:name><maml:description><maml:para>Specifies the user's last name or surname. This parameter sets the Surname property of a user object. The LDAP display name (ldapDisplayName) of this property is sn.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies the user's title. This parameter sets the Title property of a user object. The LDAP display name (ldapDisplayName) of this property is title.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-ADUser</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName. </maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an ADUser object that identifies the Active Directory user object that should be modified and the set of changes that should be made to that object. When this parameter is used, any modifications made to the ADUser object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The ADUser object specified as the value of the Instance parameter must have been retrieved by using the Get-ADUser cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set individual properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountExpirationDate</maml:name><maml:description><maml:para>Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP Display name (ldapDisplayName) for this property is accountExpires. </maml:para><maml:para>Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AccountNotDelegated</maml:name><maml:description><maml:para>Specifies whether the security context of the user is delegated to a service. When this parameter is set to $True, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Add</maml:name><maml:description><maml:para>Specifies values to add to an object property. Use this parameter to add one or more values to a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can specify multiple values to a property by specifying a comma-separated list of values and more than one property by separating them using a semicolon. The format for this parameter is: </maml:para><maml:para>-Add @{Attribute1LDAPDisplayName=value1, value2, ...; Attribute2LDAPDisplayName=value1, value2, ...; AttributeNLDAPDisplayName=value1, value2, ...} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowReversiblePasswordEncryption</maml:name><maml:description><maml:para>Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicy</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicy</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthenticationPolicySilo</maml:name><maml:description><maml:para>Specifies an Active Directory Domain Services authentication policy silo object. Specify the authentication policy silo object in one of the following formats: -- Distinguished Name -- GUID -- Name</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If the cmdlet finds two or more objects, the cmdlet returns a non-terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthenticationPolicySilo</command:parameterValue><dev:type><maml:name>ADAuthenticationPolicySilo</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CannotChangePassword</maml:name><maml:description><maml:para>Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Certificates</maml:name><maml:description><maml:para>Specifies an array of certificates. The cmdlet modifies the DER-encoded X.509v3 certificates of the account. These certificates include the public key certificates issued to this account by the Microsoft Certificate Service. This parameter sets the Certificates property of the account object. The LDAP Display Name (ldapDisplayName) for this property is userCertificate.</maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-Certificates @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-Certificates @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-Certificates @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-Certificates $null </maml:para><maml:para>You can specify more than one operation by using a list separated by semicolons. For example, use the following syntax to add and remove Certificate values </maml:para><maml:para>-Certificates @{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ChangePasswordAtLogon</maml:name><maml:description><maml:para>Specifies whether a password must be changed during the next logon attempt. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>City</maml:name><maml:description><maml:para>Specifies the user's town or city. This parameter sets the City property of a user. The LDAP display name (ldapDisplayName) of this property is l.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Clear</maml:name><maml:description><maml:para>Specifies an array of object properties that will be cleared in the directory. Use this parameter to clear one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Clear Attribute1LDAPDisplayName, Attribute2LDAPDisplayName </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Company</maml:name><maml:description><maml:para>Specifies the user's company. This parameter sets the Company property of a user object. The LDAP display name (ldapDisplayName) of this property is company.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CompoundIdentitySupported</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Country</maml:name><maml:description><maml:para>Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP Display Name (ldapDisplayName) of this property is c. This value is not used by Windows 2000.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.</maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Department</maml:name><maml:description><maml:para>Specifies the user's department. This parameter sets the Department property of a user. The LDAP Display Name (ldapDisplayName) of this property is department.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Description</maml:name><maml:description><maml:para>Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is description.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of the object. This parameter sets the DisplayName property of the object. The LDAP Display Name (ldapDisplayName) for this property is displayName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Division</maml:name><maml:description><maml:para>Specifies the user's division. This parameter sets the Division property of a user object. The LDAP Display Name (ldapDisplayName) of this property is division.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EmailAddress</maml:name><maml:description><maml:para>Specifies the user's e-mail address. This parameter sets the EmailAddress property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mail.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EmployeeID</maml:name><maml:description><maml:para>Specifies the user's employee ID. This parameter sets the EmployeeID property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeID.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EmployeeNumber</maml:name><maml:description><maml:para>Specifies the user's employee number. This parameter sets the EmployeeNumber property of a user object. The LDAP Display Name (ldapDisplayName) of this property is employeeNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Enabled</maml:name><maml:description><maml:para>Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Fax</maml:name><maml:description><maml:para>Specifies the user's fax phone number. This parameter sets the Fax property of a user object. The LDAP Display Name (ldapDisplayName) of this property is facsimileTelephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>GivenName</maml:name><maml:description><maml:para>Specifies the user's given name. This parameter sets the GivenName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is givenName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomeDirectory</maml:name><maml:description><maml:para>Specifies a user's home directory. This parameter sets the HomeDirectory property of a user object. The LDAP Display Name (ldapDisplayName) for this property is homeDirectory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomeDrive</maml:name><maml:description><maml:para>Specifies a drive that is associated with the UNC path defined by the HomeDirectory property. The drive letter is specified as <DriveLetter>: where <DriveLetter> indicates the letter of the drive to associate. The <DriveLetter> must be a single, uppercase letter and the colon is required. This parameter sets the HomeDrive property of the user object. The LDAP Display Name (ldapDisplayName) for this property is homeDrive.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePage</maml:name><maml:description><maml:para>Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP Display Name (ldapDisplayName) for this property is wWWHomePage.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HomePhone</maml:name><maml:description><maml:para>Specifies the user's home telephone number. This parameter sets the HomePhone property of a user. The LDAP Display Name (ldapDisplayName) of this property is homePhone.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Initials</maml:name><maml:description><maml:para>Specifies the initials that represent part of a user's name. You can use this value for the user's middle initial. This parameter sets the Initials property of a user. The LDAP Display Name (ldapDisplayName) of this property is initials.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Instance</maml:name><maml:description><maml:para>Specifies an ADUser object that identifies the Active Directory user object that should be modified and the set of changes that should be made to that object. When this parameter is used, any modifications made to the ADUser object are also made to the corresponding Active Directory object. The cmdlet only updates the object properties that have changed. </maml:para><maml:para>The ADUser object specified as the value of the Instance parameter must have been retrieved by using the Get-ADUser cmdlet. When you specify the Instance parameter, you cannot specify other parameters that set individual properties on the object. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>KerberosEncryptionType</maml:name><maml:description><maml:para>Specifies whether an account supports Kerberos encryption types which are used during creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: -- None -- DES -- RC4 -- AES128 -- AES256 </maml:para><maml:para>None will remove all encryption types from the account resulting the KDC being unable to issue service tickets for services using the account.</maml:para><maml:para>DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2.</maml:para><maml:para>Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute will be overwritten by the service or system which manages the setting.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADKerberosEncryptionType</command:parameterValue><dev:type><maml:name>ADKerberosEncryptionType</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>LogonWorkstations</maml:name><maml:description><maml:para>Specifies the computers that the user can access. To specify more than one computer, create a single comma-separated list. You can identify a computer by using the Security Accounts Manager (SAM) account name (sAMAccountName) or the DNS host name of the computer. The SAM account name is the same as the NetBIOS name of the computer. </maml:para><maml:para>The LDAP display name (ldapDisplayName) for this property is "userWorkStations".</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Manager</maml:name><maml:description><maml:para>Specifies the user's manager. This parameter sets the Manager property of a user. This parameter is set by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The LDAP Display Name (ldapDisplayName) of this property is manager.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADUser</command:parameterValue><dev:type><maml:name>ADUser</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MobilePhone</maml:name><maml:description><maml:para>Specifies the user's mobile phone number. This parameter sets the MobilePhone property of a user object. The LDAP Display Name (ldapDisplayName) of this property is mobile.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Office</maml:name><maml:description><maml:para>Specifies the location of the user's office or place of business. This parameter sets the Office property of a user object. The LDAP display name (ldapDisplayName) of this property is office.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OfficePhone</maml:name><maml:description><maml:para>Specifies the user's office telephone number. This parameter sets the OfficePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is telephoneNumber.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Organization</maml:name><maml:description><maml:para>Specifies the user's organization. This parameter sets the Organization property of a user object. The LDAP display name (ldapDisplayName) of this property is o.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OtherName</maml:name><maml:description><maml:para>Specifies a name in addition to a user's given name and surname, such as the user's middle name. This parameter sets the OtherName property of a user object. The LDAP Display Name (ldapDisplayName) of this property is middleName.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>POBox</maml:name><maml:description><maml:para>Specifies the user's post office box number. This parameter sets the POBox property of a user object. The LDAP Display Name (ldapDisplayName) of this property is postOfficeBox.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter. </maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain. </maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNeverExpires</maml:name><maml:description><maml:para>Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para><maml:para>Note: This parameter cannot be set to $True or 1 for an account that also has the ChangePasswordAtLogon property set to $True. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordNotRequired</maml:name><maml:description><maml:para>Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PostalCode</maml:name><maml:description><maml:para>Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user. The LDAP Display Name (ldapDisplayName) of this property is postalCode.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PrincipalsAllowedToDelegateToAccount</maml:name><maml:description><maml:para>Specifies an array of principal objects. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">ADPrincipal[]</command:parameterValue><dev:type><maml:name>ADPrincipal[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ProfilePath</maml:name><maml:description><maml:para>Specifies a path to the user's profile. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ProfilePath property of the user object. The LDAP display name (ldapDisplayName) for this property is profilePath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Remove</maml:name><maml:description><maml:para>Specifies that the cmdlet remove values of an object property. Use this parameter to remove one or more values of a property that cannot be modified using a cmdlet parameter. To remove an object property, you must use the LDAP display name. You can remove more than one property by specifying a semicolon-separated list. The format for this parameter is: </maml:para><maml:para>-Remove @{Attribute1LDAPDisplayName=value[]; Attribute2LDAPDisplayName=value[]}</maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the parameters will be applied in the following sequence: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Replace</maml:name><maml:description><maml:para>Specifies values for an object property that will replace the current values. Use this parameter to replace one or more values of a property that cannot be modified using a cmdlet parameter. To modify an object property, you must use the LDAP display name. You can modify more than one property by specifying a comma-separated list. The format for this parameter is: </maml:para><maml:para>-Replace @{Attribute1LDAPDisplayName=value[], Attribute2LDAPDisplayName=value[]} </maml:para><maml:para>When you use the Add, Remove, Replace, and Clear parameters together, the operations will be performed in the following order: -- Remove -- Add -- Replace -- Clear</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SamAccountName</maml:name><maml:description><maml:para>Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName. </maml:para><maml:para>Note: If the string value provided is not terminated with a $ character, the system adds one if needed. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ScriptPath</maml:name><maml:description><maml:para>Specifies a path to the user's log on script. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ScriptPath property of the user. The LDAP display name (ldapDisplayName) for this property is scriptPath.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ServicePrincipalNames</maml:name><maml:description><maml:para>Specifies the service principal names for the account. This parameter sets the ServicePrincipalNames property of the account. The LDAP display name (ldapDisplayName) for this property is servicePrincipalName. This parameter uses the following syntax to add remove, replace or clear service principal name values: </maml:para><maml:para>Syntax: </maml:para><maml:para>To add values: </maml:para><maml:para>-ServicePrincipalNames @{Add=value1,value2,...} </maml:para><maml:para>To remove values: </maml:para><maml:para>-ServicePrincipalNames @{Remove=value3,value4,...} </maml:para><maml:para>To replace values: </maml:para><maml:para>-ServicePrincipalNames @{Replace=value1,value2,...} </maml:para><maml:para>To clear all values: </maml:para><maml:para>-ServicePrincipalNames $null </maml:para><maml:para>You can specify more than one change by using a list separated by semicolons. For example, use the following syntax to add and remove service principal names. </maml:para><maml:para>@{Add=value1,value2,...};@{Remove=value3,value4,...} </maml:para><maml:para>The operators will be applied in the following sequence: </maml:para><maml:para>..Remove </maml:para><maml:para>..Add </maml:para><maml:para>..Replace </maml:para></maml:description><command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue><dev:type><maml:name>Hashtable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SmartcardLogonRequired</maml:name><maml:description><maml:para>Specifies whether a smart card is required to logon. This parameter sets the SmartCardLoginRequired property for a user. This parameter also sets the ADS_UF_SMARTCARD_REQUIRED flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>State</maml:name><maml:description><maml:para>Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a User or Organizational Unit object. The LDAP display name (ldapDisplayName) of this property is st.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>StreetAddress</maml:name><maml:description><maml:para>Specifies the user's street address. This parameter sets the StreetAddress property of a user object. The LDAP display name (ldapDisplayName) of this property is streetAddress.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Surname</maml:name><maml:description><maml:para>Specifies the user's last name or surname. This parameter sets the Surname property of a user object. The LDAP display name (ldapDisplayName) of this property is sn.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies the user's title. This parameter sets the Title property of a user object. The LDAP display name (ldapDisplayName) of this property is title.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TrustedForDelegation</maml:name><maml:description><maml:para>Specifies whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. The acceptable values for this parameter are: -- $False or 0 -- $True or 1</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>UserPrincipalName</maml:name><maml:description><maml:para>Specifies a user principal name (UPN) in the format <user>@<DNS-domain-name>. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's DN, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the logon dialog box. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A user object is received by the Identity parameter. </maml:para><maml:para>A user object that was retrieved by using the Get-ADUser cmdlet and then modified is received by the Instance parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADUser</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Returns the modified user object when the PassThru parameter is specified. By default, this cmdlet does not generate any output. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADUser -Identity AntonioAl -HomePage 'http://fabrikam.com/employees/AntonioAl' -LogonWorkstations 'AntonioAl-DSKTOP,AntonioAl-LPTOP' </dev:code><dev:remarks><maml:para>This command sets the user with samAccountName AntonioAL's property homepage to http://fabrikam.com/employees/AntonioAl and the LogonWorkstations property to AntonioAl-DSKTOP,AntonioAl-LPTOP. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Filter 'Name -like "*"' -SearchBase 'OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -Properties DisplayName | % {Set-ADUser $_ -DisplayName ($_.Surname + ' ' + $_.GivenName)} </dev:code><dev:remarks><maml:para>This command gets all the users in the directory that are located underneath the OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM organizationalUnit. The command sets the DisplayName property on these user objects to the concatentation of the Surname property and the GivenName property. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADUser -Identity GlenJohn -Replace @{title="director";mail="glenjohn@fabrikam.com"} </dev:code><dev:remarks><maml:para>This command sets the user with samAccountNAme GlenJohn's property title to director and property mail to glenjohn@fabrikam.com. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ADUser -Identity GlenJohn -Remove @{otherMailbox="glen.john"} -Add @{url="fabrikam.com"} -Replace @{title="manager"} -Clear description </dev:code><dev:remarks><maml:para>This command modifies the user with samAccountName GlenJohn's object by removing glen.john from the otherMailbox property, adding fabrikam.com to the url property, replacing the title property with manager and clearing the description property. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$user = Get-ADUser -Identity GlenJohn -Properties mail,department PS C:\> $user.mail = "glen@fabrikam.com" PS C:\> $user.department = "Accounting" PS C:\> Set-ADUser -Instance $user </dev:code><dev:remarks><maml:para>This example sets the mail and department properties on the user object with samAccountName GlenJohn by using the Instance parameter. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code> PS C:\>$hours = New-Object byte[] 21 PS C:\> $hours[5] = 255; $hours[8] = 255; $hours[11] = 255; $hours[14] = 255; $hours[17] = 255; PS C:\> $hours[6] = 1; $hours[9] = 1; $hours[12] = 1; $hours[15] = 1; $hours[18] = 1; PS C:\> $replaceHashTable = New-Object HashTable PS C:\> $replaceHashTable.Add("logonHours", $hours) PS C:\> $replaceHashTable.Add("description", "Sarah Davis can only logon from Monday through Friday from 8:00 AM to 5:00 PM") PS C:\> Set-ADUser -Identity "SarahDavis" -Replace $replaceHashTable </dev:code><dev:remarks><maml:para>This example sets the user logon hours to Monday through Friday from 8:00 AM to 5:00 PM and adds a description. It updates the logonHours attribute with the specified byte array and the description attribute with the specified string. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code> PS C:\>$manager = Get-ADUser -Identity GlenJohn -Server Corp-DC01 PS C:\> Set-ADUser -Identity AntonioAl -Manager $manager -Server Branch-DC02 </dev:code><dev:remarks><maml:para>This example sets the Manager property for user with samAccountName of AntonioAL where the manager, GlenJohn, is a user in another domain.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Identity " DavidChew" | Set-ADUser -Manager "ElisaDaugherty" </dev:code><dev:remarks><maml:para>This command modifies the Manager property for the DavidChew user. The command uses the Get-ADUser cmdlet to get DavidChew user, and then passes the object to the current cmdlet by using the pipeline operator. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291132</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADUser</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountControl</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Show-ADAuthenticationPolicyExpression</command:name><maml:description><maml:para>Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Show</command:verb><command:noun>ADAuthenticationPolicyExpression</command:noun><dev:version /></command:details><maml:description><maml:para>The Show-ADAuthenticationPolicyExpression cmdlet creates or modifies an SDDL security descriptor using the Edit Access Control Conditions window. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Show-ADAuthenticationPolicyExpression</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>SDDL</maml:name><maml:description><maml:para>Specifies the SDDL of the security descriptor. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies a title for the SDDL security descriptor.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- A fully qualified domain name ---- A NetBIOS name -- Directory server values: ---- A fully qualified directory server name ---- A NetBIOS name ---- A fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Indicates that the AllowedToAuthenticateFrom listings for an object are displayed in the Edit Access Control Conditions window.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Show-ADAuthenticationPolicyExpression</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>SDDL</maml:name><maml:description><maml:para>Specifies the SDDL of the security descriptor. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies a title for the SDDL security descriptor.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- A fully qualified domain name ---- A NetBIOS name -- Directory server values: ---- A fully qualified directory server name ---- A NetBIOS name ---- A fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedToAuthenticateTo</maml:name><maml:description><maml:para>Indicates that the AllowedToAuthenticateTo listings for an object are displayed in the Edit Access Control Conditions window.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedToAuthenticateFrom</maml:name><maml:description><maml:para>Indicates that the AllowedToAuthenticateFrom listings for an object are displayed in the Edit Access Control Conditions window.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllowedToAuthenticateTo</maml:name><maml:description><maml:para>Indicates that the AllowedToAuthenticateTo listings for an object are displayed in the Edit Access Control Conditions window.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1 </maml:para><maml:para>The default authentication method is Negotiate. A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. </maml:para><maml:para>By default, the cmdlet uses the credentials of the currently logged on user unless the cmdlet is run from an Active Directory Domain ServicesWindows PowerShell provider drive. If you run the cmdlet in a provider drive, the account associated with the drive is the default.</maml:para><maml:para>If you specify credentials that do not have permission to perform the task, the cmdlet returns an error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>SDDL</maml:name><maml:description><maml:para>Specifies the SDDL of the security descriptor. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- A fully qualified domain name ---- A NetBIOS name -- Directory server values: ---- A fully qualified directory server name ---- A NetBIOS name ---- A fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Title</maml:name><maml:description><maml:para>Specifies a title for the SDDL security descriptor.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet accepts a SDDL security descriptor.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Object</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet outputs a SDDL security descriptor.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Retrieve the AllowedToAuthenticateFrom settings and store in a file</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateFrom > someFile.txt PS C:\> New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\AuthSettings.txt).sddl </dev:code><dev:remarks><maml:para>This command retrieves the AllowedToAuthenticateFrom access control list (ACL) by opening the Edit Access Control Conditions window and stores the ACL in a file named AuthSettings.txt. The file is then used to apply a new authentication policy to the retrieved ACL.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Set the UserAllowedToAuthenticateFrom property</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateFrom) </dev:code><dev:remarks><maml:para>This example uses the New-ADAuthenticationPolicy cmdlet to create an authentication policy, and then sets the UserAllowedToAuthenticateFrom property by specifying the Show-ADAuthenticationPolicyExpression cmdlet as the value for the parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=298321</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Sync-ADObject</command:name><maml:description><maml:para>Replicates a single object between any two domain controllers that have partitions in common. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Sync</command:verb><command:noun>ADObject</command:noun><dev:version /></command:details><maml:description><maml:para>The Sync-ADObject cmdlet replicates a single object between any two domain controllers that have partitions in common. The two domain controllers do not need to be direct replication partners. It can also be used to populate passwords in a read-only domain controller (RODC) cache. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Sync-ADObject</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Object</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Source</maml:name><maml:description><maml:para>Specifies the identity of the Active Directory server that acts as the source for synchronizing this data. This parameter works similarly to the Server parameter as used on the Set-ADObject cmdlet with some restrictions. It does not allow domain or forest names to be used. </maml:para><maml:para>Valid formats for specifying the destination server are the following: -- Host name -- Host name and port -- Fully qualified directory server name and port -- IP address -- IP address and port</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="Server,HostName,IPv4Address"><maml:name>Destination</maml:name><maml:description><maml:para>Specifies the identity of the Active Directory server that acts as the destination for synchronizing this data. This parameter works similarly to the Server parameter as used on the Set-ADObject cmdlet with some restrictions. It does not allow domain or forest names to be used. </maml:para><maml:para>Valid formats for specifying the destination server are the following: -- Host name -- Host name and port -- Fully qualified directory server name and port -- IP address -- IP address and port</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordOnly</maml:name><maml:description><maml:para>Specifies whether the cmdlet populates a read-only domain controller (RODC) password cache with the password of the account specified in the Object parameter. If specified, no other data is replicated other than the password. </maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate. </maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default is the current user. </maml:para><maml:para>Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object, such as one generated by the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. If you type a user name, you will be prompted for a password. </maml:para><maml:para>This parameter is not supported by any providers installed with Windows PowerShell. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="Server,HostName,IPv4Address"><maml:name>Destination</maml:name><maml:description><maml:para>Specifies the identity of the Active Directory server that acts as the destination for synchronizing this data. This parameter works similarly to the Server parameter as used on the Set-ADObject cmdlet with some restrictions. It does not allow domain or forest names to be used. </maml:para><maml:para>Valid formats for specifying the destination server are the following: -- Host name -- Host name and port -- Fully qualified directory server name and port -- IP address -- IP address and port</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Object</maml:name><maml:description><maml:para>Specifies an Active Directory object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADObject</command:parameterValue><dev:type><maml:name>ADObject</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PasswordOnly</maml:name><maml:description><maml:para>Specifies whether the cmdlet populates a read-only domain controller (RODC) password cache with the password of the account specified in the Object parameter. If specified, no other data is replicated other than the password. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Source</maml:name><maml:description><maml:para>Specifies the identity of the Active Directory server that acts as the source for synchronizing this data. This parameter works similarly to the Server parameter as used on the Set-ADObject cmdlet with some restrictions. It does not allow domain or forest names to be used. </maml:para><maml:para>Valid formats for specifying the destination server are the following: -- Host name -- Host name and port -- Fully qualified directory server name and port -- IP address -- IP address and port</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.ActiveDirectory.Management.ADObject</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Derived types, such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADGroup -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADOrganizationalUnit -- Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy -- Microsoft.ActiveDirectory.Management.ADDomain</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name></maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Sync-ADObject -Object "CN=AccountManagers,OU=AccountDeptOU,DC=corp,DC=contoso,DC=com" -Source "corp-DC01" -Destination "corp-DC02" </dev:code><dev:remarks><maml:para>This command replicates an object with DistinguishedName CN=AccountManagers,OU=AccountDeptOU,DC=corp,DC=contoso,DC=com from corp-DC01 to corp-DC02.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ADUser -Identity saradavis | Sync-ADObject -Destination "corp-RODC01" -PasswordOnly </dev:code><dev:remarks><maml:para>This command pre-caches the password of Sara Davis to the read-only Domain Controller corp-RODC01 using SamAccountName of the user. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291133</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Move-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Rename-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-ADObject</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADObject</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Test-ADServiceAccount</command:name><maml:description><maml:para>Tests a managed service account from a computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Test</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Test-ADServiceAccount cmdlet tests a managed service account (MSA) from a local computer. </maml:para><maml:para>The Identity parameter specifies the Active Directory MSA account to test. You can identify a MSA by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the parameter to a MSA object variable, such as $<localMSA> or pass a MSA object through the pipeline to the Identity parameter. For example, you can use the Get-ADServiceAccount to get a MSA object and then pass that object through the pipeline to the Test-ADServiceAccount cmdlet. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Test-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory managed service account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory managed service account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error. </maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Test-ADServiceAccount -Identity MSA1 True </dev:code><dev:remarks><maml:para>This command tests that the specified service account, MSA1, is ready for use, which means thatit is able be authenticated and access the domain using its currently configured credentials, from the local computer. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Test-ADServiceAccount -Identity MSA1 False WARNING: Test failed for Managed Service Account MSA. If standalone Managed Service Account, the account is linked to another computer object in the Active Directory. If group Managed Service Account, either this computer does not have permission to use the group MSA or this computer does not support all the Kerberos encryption types required for the gMSA. See the MSA operational log for more information. </dev:code><dev:remarks><maml:para>This command tests results returned if MsaInfoCannotInstall. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Test-ADServiceAccount -Identity MSA1 False WARNING: The Managed Service Account MSA is not linked with any computer object in the directory. </dev:code><dev:remarks><maml:para>This command tests results returns MsaInfoCanInstall. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291134</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Install-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Uninstall-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Uninstall-ADServiceAccount</command:name><maml:description><maml:para>Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Uninstall</command:verb><command:noun>ADServiceAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Uninstall-ADServiceAccount cmdlet removes an Active Directory standalone managed service account (MSA) on the computer on which the cmdlet is run. For group MSAs, the cmdlet removes the group MSA from the cache, however, if a service is still using the group MSA and the host has permission to retrieve the password a new cache entry will be created. The specified MSA must be installed on the computer.</maml:para><maml:para>The Identity parameter specifies the Active Directory MSA to uninstall. You can identify a MSA by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also set the parameter to a MSA object variable, such as $<localServiceAccountObject> or pass a MSA object through the pipeline to the Identity parameter. For example, you can use the Get-ADServiceAccount to get a MSA object and then pass that object through the pipeline to the Uninstall-ADServiceAccount cmdlet.</maml:para><maml:para>For standalone MSA, the ForceRemoveLocal switch parameter will allow you to remove the account from the local LSA without failing the command if an access to a writable DC is not possible. This is required if you are uninstalling the standalone MSA from a server that is placed in a segmented network (i.e. perimeter network) with access only to an RODC. If you pass this parameter and the server has access to a writable DC the standalone MSA will be un-linked from the computer account in the directory as well.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Uninstall-ADServiceAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ForceRemoveLocal</maml:name><maml:description><maml:para>Indicates that you can remove the account from the local LSA without failing the command if an access to a writable DC is not possible. This is required if you are uninstalling the MSA from a server that is placed in a segmented network (i.e. perimeter network) with access only to an RODC. If you pass this parameter and the server has access to a writable DC the account will be un-linked from the computer account in the directory as well.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ForceRemoveLocal</maml:name><maml:description><maml:para>Indicates that you can remove the account from the local LSA without failing the command if an access to a writable DC is not possible. This is required if you are uninstalling the MSA from a server that is placed in a segmented network (i.e. perimeter network) with access only to an RODC. If you pass this parameter and the server has access to a writable DC the account will be un-linked from the computer account in the directory as well.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an object instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADServiceAccount</command:parameterValue><dev:type><maml:name>ADServiceAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>A managed service account object is received by the Identity parameter. A parameter with name ForceRemoveLocal is provided to un-install standalone MSAs on a RODC only site. </maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with AD LDS. </maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller. </maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Uninstall-ADServiceAccount -Identity SQL-SRV1 </dev:code><dev:remarks><maml:para>This command uninstalls the managed service account SQL-SRV1 from the local machine. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Uninstall-ADServiceAccount -Identity sql-hr-01 -ForceRemoveLocal </dev:code><dev:remarks><maml:para>This command uninstalls a standalone Managed Service Account from a server located in a RODC-only site with no access to writable DCs such as a perimeter network. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291135</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Install-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>New-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADServiceAccount</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Unlock-ADAccount</command:name><maml:description><maml:para>Unlocks an Active Directory account.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Unlock</command:verb><command:noun>ADAccount</command:noun><dev:version /></command:details><maml:description><maml:para>The Unlock-ADAccount cmdlet restores Active Directory Domain Services (AD DS) access for an account that is locked. AD DS access is suspended or locked for an account when the number of incorrect password entries exceeds the maximum number allowed by the account password policy. </maml:para><maml:para>The Identity parameter specifies the Active Directory account to unlock. You can identify an account by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an account object variable such as $<localADAccountObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the Search-ADAccount cmdlet to get an account object and then pass the object through the pipeline to the Unlock-ADAccount cmdlet to unlock the account. Similarly, you can use Get-ADUser and Get-ADComputer to get objects to pass through the pipeline. </maml:para><maml:para>For AD LDS environments, the Partition parameter must be specified except when: -- Using a DN to identify objects: the partition will be auto-generated from the DN. -- Running cmdlets from an Active Directory provider drive: the current path will be used to set the partition. -- A default naming context or partition is specified.</maml:para><maml:para>To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Unlock-ADAccount</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValueGroup><command:parameterValue required="true" variableLength="false">Negotiate</command:parameterValue><command:parameterValue required="true" variableLength="false">Basic</command:parameterValue></command:parameterValueGroup></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AuthType</maml:name><maml:description><maml:para>Specifies the authentication method to use. The acceptable values for this parameter are: -- Negotiate or 0 -- Basic or 1</maml:para><maml:para>The default authentication method is Negotiate.</maml:para><maml:para>A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAuthType</command:parameterValue><dev:type><maml:name>ADAuthType</maml:name><maml:uri /></dev:type><dev:defaultValue>Microsoft.ActiveDirectory.Management.AuthType.Negotiate</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default. </maml:para><maml:para>To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password. </maml:para><maml:para>You can also create a PSCredential object by using a script or by using the <maml:navigationLink><maml:linkText>Get-Credential</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. You can then set the Credential parameter to the PSCredential object. </maml:para><maml:para>If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="1" aliases=""><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are: -- A Distinguished Name -- A GUID (objectGUID) -- A Security Identifier (objectSid) -- A SAM Account Name (sAMAccountName)</maml:para><maml:para>The cmdlet searches the default naming context or partition to find the object. If two or more objects are found, the cmdlet returns a non-terminating error.</maml:para><maml:para>This parameter can also get this object through the pipeline or you can set this parameter to an account object instance.</maml:para><maml:para>Derived types such as the following are also accepted: -- Microsoft.ActiveDirectory.Management.ADServiceAccount -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADUser</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ADAccount</command:parameterValue><dev:type><maml:name>ADAccount</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Partition</maml:name><maml:description><maml:para>Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.</maml:para><maml:para>In many cases, a default value will be used for the Partition parameter if no value is specified. The rules for determining the default value are given below. Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated. </maml:para><maml:para>In AD DS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If none of the previous cases apply, the default value of Partition will be set to the default partition or naming context of the target domain.</maml:para><maml:para>In AD LDS environments, a default value for Partition will be set in the following cases: -- If the Identity parameter is set to a distinguished name, the default value of Partition is automatically generated from this distinguished name. -- If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive. -- If the target AD LDS instance has a default naming context, the default value of Partition will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. -- If none of the previous cases apply, the Partition parameter will not take any default value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Server</maml:name><maml:description><maml:para>Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance. </maml:para><maml:para>Specify the Active Directory Domain Services instance in one of the following ways: -- Domain name values: ---- Fully qualified domain name ---- NetBIOS name -- Directory server values: ---- Fully qualified directory server name ---- NetBIOS name ---- Fully qualified directory server name and port</maml:para><maml:para>The default value for this parameter is determined by one of the following methods in the order that they are listed: -- By using the Server value from objects passed through the pipeline -- By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive -- By using the domain of the computer running Windows PowerShell</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None or Microsoft.ActiveDirectory.Management.ADAccount</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>An account object is received by the Identity parameter.</maml:para><maml:para>Derived types, such as the following, are also accepted: -- Microsoft.ActiveDirectory.Management.ADUser -- Microsoft.ActiveDirectory.Management.ADComputer -- Microsoft.ActiveDirectory.Management.ADServiceAccount</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>This cmdlet does not work with an Active Directory Snapshot.</maml:para></maml:alert><maml:alert><maml:para>This cmdlet does not work with a read-only domain controller.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Unlock-ADAccount -Identity KimAb </dev:code><dev:remarks><maml:para>This command unlocks the account with SamAccountName KimAb.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Unlock-ADAccount -Identity "CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" </dev:code><dev:remarks><maml:para>This command unlocks the account with DistinguishedName CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=291136</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADAccountAuthorizationGroup</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Search-ADAccount</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountControl</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountExpiration</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ADAccountPassword</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> </helpItems> |