Register-AdcPrivilegedGroupSet

SYNOPSIS

Register a Privileged Group Set for use during ownership assignments.

SYNTAX

Register-AdcPrivilegedGroupSet [-Name] <String> [[-Description] <String>] [[-Code] <ScriptBlock>]
 [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTION

Register a Privileged Group Set for use during ownership assignments. They can be used to assign a group of identities as owners - any one of which is a viable owner for the assignment. They also provide a default SID in case none of them are assigned.

The data is calculated per-domain, cached on the first application. Cache is cleared when resetting configuration (e.g. loading a new context combination).

The SIDs resolved can be from one or multiple domains.

To test your Privileged Group Set use “Resolve-AdcPrivilegedGroupSet”. To assign it as an owner, wrap its name in two underscores on each side when assigning it as owner in the config: If the Privileged Group Set is named “DomainAdmins”, assign it as owner by setting the owner to “DomainAdmins”.

The scriptblock doing the calculation receives two parameters:

• Parameters <Hashtable>: The server/credential pair used for the current execution.
• Domain <ADDomain>: The domain object targeted - as returned by Get-ADDomain

The scriptblock should return a hashtable or custom object that has two entries/properties:

• SIDs <string[]>: The list of SIDs that are matched. Must be at least one valid sid.
• DefaultSID <string>: The SID to use for the change if the target is none of the permitted SIDs. This SID should ALSO be included in “SIDs”.

EXAMPLES

EXAMPLE 1

Register-AdcPrivilegedGroupSet -Name PKIServer -Description $description -Code $code

Registers the Privileged Group Set “PKI Server” with the provided code.

PARAMETERS

-Name

The name of the Privileged Group Set.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Description

A description explaining the Privileged Group Set.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Code

The code that calculates the data on demand. See the Description section for details on what parameters it receives and what output it should produce.

Type: ScriptBlock
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ProgressAction

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

RELATED LINKS