Configuration driven Active Directory management.
Registers a new desired schema default permission access rule.
Register-FMSchemaDefaultPermission [-ClassName] <String> [-Identity] <String> [-ActiveDirectoryRights] <String>
[[-AccessControlType] <AccessControlType>] [[-InheritanceType] <ActiveDirectorySecurityInheritance>]
[[-ObjectType] <String>] [[-InheritedObjectType] <String>] [[-Mode] <String>] [[-ContextName] <String>]
[<CommonParameters>]
Registers a new desired schema default permission access rule. These access rules are then used / applied when when creating a new object of the class affected.
These settings apply only to new objects created of the affected class, not already existing ones. Using this you could for example add a group to have full control over all newly created group policy objects.
Get-Content .\sdp.json | ConvertFrom-Json | Write-Output | Register-FMSchemaDefaultPermission
Loads all entries from the specified json file and registers them.
The name of the object class in schema this applies to.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The principal to which the access rule applies. Supports limited string resolution.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The rights granted.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Allow or Deny? Defaults to: Allow
Type: AccessControlType
Parameter Sets: (All)
Aliases:
Accepted values: Allow, Deny
Required: False
Position: 4
Default value: Allow
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
How is this privilege inherited by child objects?
Type: ActiveDirectorySecurityInheritance
Parameter Sets: (All)
Aliases:
Accepted values: None, All, Descendents, SelfAndChildren, Children
Required: False
Position: 5
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
What object types does this permission apply to?
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: <All>
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
What object types does this permission apply to? Used for extended properties.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 7
Default value: <All>
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
How access rules are actually applied:
All Modes of all settings for a given class are used when determining the effective Mode applied to that class. The most restrictive Mode applies.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 8
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The name of the context defining the setting. This allows determining the configuration set that provided this setting. Used by the ADMF, available to any other configuration management solution.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 9
Default value: <Undefined>
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.