Deprovision-QADUser
From PowerGUI Wiki
Request ActiveRoles Server to deprovision a user account. This cmdlet requires a connection to be established to the ActiveRoles Server Administration Service by supplying the Proxy parameter.
Contents |
Syntax
Deprovision-QADUser [-Identity] <IdentityParameter> [-ReportFile <String>] [-Xml] [-Proxy] [-Service <String>] [-ConnectionAccount <String>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [-WhatIf] [-Confirm] [<CommonParameters>]
Detailed Description
Use this cmdlet to deprovision a user account via ActiveRoles Server. ActiveRoles Server provides the ability to deprovision rather than delete or only disable user accounts. Deprovision refers to a set of actions being performed in order to revoke user access to resources. The deprovision operation on user objects triggers deprovision policies. ActiveRoles Server comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the deprovision policies to be adjusted as needed.
This cmdlet originates a request to deprovision the user accounts specified. When processing the request, ActiveRoles Server performs all operations prescribed by the deprovision policies.
The cmdlet has optional parameters that determine the server and the security context for the operation. Normally, the connection parameters could be omitted so far as a connection to a server is established prior to using the cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Note that this cmdlet requires a connection to the ActiveRoles Server Administration Service, so the Proxy parameter must be used to establish the connection.
Related Commands
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Identity | Specify the DN, SID, GUID, UPN or Domain\Name of the user account you want to deprovision. This parameter can be omitted if you pipe into this cmdlet one or more objects returned by a Get- cmdlet, so as to have those objects identify the user accounts to deprovision. | true | true (ByValue, ByPropertyName) | |
| ReportFile | Supply this parameter on the command line if you want to save a report on the deprovisioning results to a file in HTML or XML format. The parameter value must be a valid path to a file, including the file name. The cmdlet creates the file if necessary. Omit this parameter if you do not want to save the report in a file. ActiveRoles Server preserves the report data regardless of this parameter, so you always have the option to examine the deprovisioning results using the ActiveRoles Server console. | false | true (ByPropertyName) | |
| Xml | Supply this parameter on the command line if you want to save the report on the deprovisioning results in XML format. Omit this parameter if you want to save the report in HTML format. | false | false | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | true (ByValue) | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| WhatIf | Describes what would happen if you executed the command, without actually executing the command. | false | false | |
| Confirm | Prompts you for confirmation before executing the command. | false | false |
Examples
Example 1
deprovision-QADUser 'MyDomain\JSmith' -Proxy
Connect to any available ActiveRoles Server Administration Service with the credentials of the locally logged on user and deprovision the user account identified by Domain\Name.
Example 2
connect-QADService -Service 'myserver.mydomain.lab' -Proxy C:\PS>get-QADUser 'MyDomain\JSmith' | deprovision-QADUser
Connect to a specific Administration Service with the credentials of the locally logged on user, retrieve a user object using the get-QADUser cmdlet, and pipe the user object into the Deprovision-QADUser cmdlet to deprovision the user account represented by that object.
Example 3
connect-QADService -Service 'myserver.mydomain.lab' -Proxy C:\PS>get-QADUser 'MyDomain\JSmith' | deprovision-QADUser -ReportFile 'C:\JSmith.html'
Connect to a specific Administration Service with the credentials of the locally logged on user, retrieve a user object using the get-QADUser cmdlet, and pipe the user object into the Deprovision-QADUser cmdlet to deprovision the user account represented by that object, with a report on the deprovisioning results being saved in a specific file in HTML format.
Example 4
connect-QADService -Service 'myserver.mydomain.lab' -Proxy
C:\PS>get-QADUser -SearchRoot 'mydomain.lab/retired' | deprovision-QADUser -ReportFile {'C:\DeprovisionReports\' + $_.SamAccountName + '.html'}
Connect to a specific Administration Service with the credentials of the locally logged on user, and deprovision all user accounts found in a specific container, with a report on the deprovisioning results for each user account being saved in a separate file.
