New-QADPasswordSettingsObject
From PowerGUI Wiki
Create a new Password Settings object (PSO). Windows Server 2008 is required.
Contents |
Syntax
New-QADPasswordSettingsObject [-ParentContainer <IdentityParameter>] [-Name] <String> [-AppliesTo <IdentityParameter[]>] [-Precedence <Int32>] [-ReversibleEncryptionEnabled [<Boolean>]] [-PasswordHistoryLength <Int32>] [-PasswordComplexityEnabled [<Boolean>]] [-MinimumPasswordLength <Int32>] [-MinimumPasswordAge <Object>] [-MaximumPasswordAge <Object>] [-LockoutThreshold <Int32>] [-ResetLockoutCounterAfter <Object>] [-LockoutDuration <Object>] [-ObjectAttributes <ObjectAttributesParameter>] [-Description <String>] [-DisplayName <String>] [-ExcludedProperties <String[]>] [-IncludedProperties <String[]>] [-DeserializeValues] [-UseDefaultExcludedProperties [<Boolean>]] [-UseDefaultExcludedPropertiesExcept <String[]>] [-Proxy] [-Service <String>] [-ConnectionAccount <String>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [-WhatIf] [-Confirm] [<CommonParameters>]
Detailed Description
Use this cmdlet to create a Password Settings object (PSO) and set attribute values in the newly created object.
This cmdlet takes a series of attribute-specific parameters allowing you to set attributes in the newly created Password Settings object. If a given attribute is referred to by both the ObjectAttributes array and an attribute-specific parameter, the ObjectAttributes setting has no effect on that attribute. The cmdlet sets the attribute to the value specified by the attribute-specific parameter.
The cmdlet has optional parameters that determine the server and the security context for the operation. Normally, the connection parameters could be omitted so far as a connection to a server is established prior to using the cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Related Commands
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| ParentContainer | Specify the distinguished name of the container in which you want this cmdlet to create a new Password Settings object. | false | false | '<DomainName>/System/Password Settings Container' |
| Name | Specify the name (CN) for the new Password Settings object. | true | true (ByValue, ByPropertyName) | |
| AppliesTo | Specify a list of users and groups to which you want the Password Settings object to apply. Each list entry is the DN, SID, GUID, UPN or Domain\Name of a user or group. Separate the list entries by commas. | false | false | |
| Precedence | Specify the password settings precedence (set the 'msDS-PasswordSettingsPrecedence' attribute to this parameter value). | false | true (ByPropertyName) | 1 |
| ReversibleEncryptionEnabled | Specify either 'true' or 'false' to determine the password reversible encryption status for user accounts (set the 'msDS-PasswordReversibleEncryptionEnabled' attribute to this parameter value). | false | false | false |
| PasswordHistoryLength | Specify the Password History Length setting for user accounts (set the 'msDS-PasswordHistoryLength' attribute to this parameter value). | false | false | 0 |
| PasswordComplexityEnabled | Specify either 'true' or 'false' to determine the password complexity status for user accounts (set the 'msDS-PasswordComplexityEnabled' attribute to this parameter value). | false | false | false |
| MinimumPasswordLength | Specify the Minimum Password Length setting for user accounts (set the 'msDS-MinimumPasswordLength' attribute to this parameter value). | false | false | 0 |
| MinimumPasswordAge | Specify the Minimum Password Age setting for user accounts (set the 'msDS-MinimumPasswordAge' attribute to this parameter value). Parameter value can be represented as any of the following: Int64, IADsLargeInteger, DateTime, TimeSpan, string (a string representation of Int64, DateTime or TimeSpan), or Int (a number of days). This must be a negative value (see examples). | false | false | |
| MaximumPasswordAge | Specify the Maximum Password Age setting for user accounts (set the 'msDS-MaximumPasswordAge' attribute to this parameter value). Parameter value can be represented as any of the following: Int64, IADsLargeInteger, DateTime, TimeSpan, string (a string representation of Int64, DateTime or TimeSpan), or Int (a number of days). This must be a negative value (see examples). | false | false | |
| LockoutThreshold | Specify the lockout threshold for lockout of user accounts (set the 'msDS-LockoutThreshold' attribute to this parameter value). | false | false | 5 |
| ResetLockoutCounterAfter | Specify the Observation Window setting for lockout of user accounts (set the 'msDS-LockoutObservationWindow' attribute to this parameter value). Parameter value can be represented as any of the following: Int64, IADsLargeInteger, DateTime, TimeSpan, string (a string representation of Int64, DateTime or TimeSpan), or Int (a number of minutes). This must be a negative value (see examples). | false | false | |
| LockoutDuration | Specify the lockout duration for locked out user accounts (set the 'msDS-LockoutDuration' attribute to this parameter value). Parameter value can be represented as any of the following: Int64, IADsLargeInteger, DateTime, TimeSpan, string (a string representation of Int64, DateTime or TimeSpan), or Int (a number of minutes). This must be a negative value (see examples). | false | false | |
| ObjectAttributes | Specify an associative array that defines the attributes to set. The array syntax:
@{attr1='val1';attr2='val2';...} In this syntax, each of the key-value pairs is the LDAP display name and the value of an attribute to set. For information about associative arrays, type the following command at the PowerShell command-prompt: help about_associative_array | false | true (ByValue, ByPropertyName) | |
| Description | Set the 'description' attribute. | false | false | |
| DisplayName | Set the 'displayName' attribute. | false | false | |
| ExcludedProperties | Use this parameter to specify the attributes that you do not want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. You could use this parameter when importing attribute values from a text file, in order to prevent some attributes found in the file from being set in the directory. | false | false | |
| IncludedProperties | Use this parameter to specify explicitly the attributes that you want the cmdlet to update in the directory. Supply a list of the attribute LDAP display names as the parameter value. When used together with UseDefaultExcludedProperties, this parameter allows you to have the cmdlet update some attributes that would not be updated otherwise.
Note: If a particular attribute is listed in both ExcludedProperties and IncludedProperties, the cmdlet does not set the value of that attribute the directory. | false | false | |
| DeserializeValues | Supply this parameter on the command line if the input you pass to the cmdlet contains serialized attribute values (for instance, when importing a directory object from a text file that was created using the Serialize parameter). For examples of how to export and import an object, see help on the Get-QADUser cmdlet. | false | false | |
| UseDefaultExcludedProperties | When set to 'true', this parameter causes the cmdlet not to update a certain pre-defined set of attributes in the directory. This pre-defined set of attributes (referred to as "default excluded properties") can be viewed or modified by using the Get-QADPSSnapinSettings or Set-QADPSSnapinSettings cmdlet, respectively. | false | true (ByPropertyName) | false |
| UseDefaultExcludedPropertiesExcept | This parameter is deprecated, and has no effect. | false | true (ByPropertyName) | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | true (ByValue) | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| WhatIf | Describes what would happen if you executed the command, without actually executing the command. | false | false | |
| Confirm | Prompts you for confirmation before executing the command. | false | false |
Examples
Example 1
New-QADPasswordSettingsObject -Name 'myPso1' -LockoutDuration 40 -Precedence 10 -MaximumPasswordAge (new-timespan -days -45 -hour -3 -minute -23) -AppliesTo 'myDomain\Account Operators','myDomain\Event Log Readers' | Format-List
Create a new PSO named myPso1 with LockoutDuration of 40 min, Precedence of 10 and MaximumPasswordAge of 45 days, 3 hours and 23 minutes and default values for the other parameters, and apply it to two groups, and display operation results.
