Revoke-ADAuthenticationPolicySiloAccess

by Posted on

Revoke-ADAuthenticationPolicySiloAccess is accessible with the help of addsadministration module. To install addsadministration on your system please refer to this link.

Synopsis

Revokes membership in an authentication policy silo for the specified account.

Description

The Revoke-ADAuthenticationPolicySiloAccess cmdlet revokes the membership in an authentication policy silo for one or more accounts in Active Directory Domain Services.

The Identity parameter specifies the Active Directory Domain Services authentication policy silo that contains the user accounts to remove. You can identify an authentication policy silo by its distinguished name (DN), GUID or name. You can also use the Identity parameter to specify a variable that contains an authentication policy silo object, or you can use the pipeline operator to pass an authentication policy object to the Identity parameter.

The Account parameter specifies the users, computers and service accounts to remove from the authentication policy silo specified by the Identity parameter. You can identify a user, computer or service account by its DN, GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also use the Account parameter to specify a variable that contains user, computer, and service account objects.

Parameters 

 -Account 
         Specifies the account to remove from the authentication policy silo. Specify the account in one of the following formats: 

    -- Distinguished Name
    -- GUID 
    -- Security Identifier 
    -- SAM Account Name

    Required?                    true
    Position?                    1
    Default value                
    Accept pipeline input?       True (ByValue)
    Accept wildcard characters?  false

-AuthType <ADAuthType>
    Specifies the authentication method to use. The acceptable values for this parameter are:&nbsp;

    --Negotiate or 0
    --Basic or 1

    Required?                    false
    Position?                    named
    Default value                Microsoft.ActiveDirectory.Management.AuthType.Negotiate
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Credential <PSCredential>
    Specifies a user account that has permission to perform the task. The default is the current user. Type a user name, such as "User01" or "Domain01\User01", or enter a PSCredential object, such as one generated by the Get-Credential cmdlet.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Identity <ADAuthenticationPolicySilo>
    Specifies an ADAuthenticationPolicySilo object. Specify the authentication policy silo object in one of the following formats: 

    --Distinguished Name
    --GUID
    --Name

    Required?                    true
    Position?                    0
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

-PassThru <SwitchParameter>
    Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Server <String>
    Specifies the Active Directory Domain Services instance to which to connect, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following:  Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Revoke-ADAuthenticationPolicySiloAccess [-WhatIf] [-Confirm] [-Account] <ADAccount> [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADAuthenticationPolicySilo> [-PassThru] [-Server <String>] [<CommonParameters>]

————————– EXAMPLE 1 ————————–
Revoke access to an authentication policy silo
PS C:>Revoke-ADAuthenticationPolicySiloAccess –Identity AuthPolicySilo01 –Account User01 –Confirm:$False
This command revokes access to the authentication policy silo named AuthPolicySilo01 for the user account named User01. Because the Confirm parameter is set to $False, no confirmation message appears.

————————– EXAMPLE 2 ————————–
Revoke access to an authentication policy silo for filter matches
PS C:>Get-ADComputer -Filter ‘Name -like “newComputer*”‘ | Revoke-ADAuthenticationPolicySiloAccess -Identity AuthPolicySilo02 

Confirm
Are you sure you want to perform this action? 
Performing the operation "Set" on target "CN=Silo,CN=AuthN Silos,CN=AuthN Policy
Configuration,CN=Services,CN=Configuration,DC=DC01,DC=TOSSolution,DC=com".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A

This example first uses the Get-ADComputer cmdlet to get a list of computers that match the filter specified by the Filter parameter. The output is then passed to the Revoke-ADAuthenticationPolicySiloAccess to remove access to the authentication policy silo named AuthPolicySilo02. Because the Confirm parameter is not specified, a confirmation message appears.

You can check the Version, CommandType and Source of this cmdlet by giving below command.

Get-Command Revoke-ADAuthenticationPolicySiloAccess
Get-Command Revoke-ADAuthenticationPolicySiloAccess powershell script command cmdlet

You can also read about
. Grant-ADAuthenticationPolicySiloAccess

To know more PowerShell cmdlets(Commands) on addsadministration (Active Directory) click here

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site http://tossolution.com/

Like our page in Facebook and follow us for New technical information.

References are taken from Microsoft

Published by Karthik S

Lead DevOps | Windows | AWS | Azure | Docker | Kubernetes | Jenkins

Leave a Reply

Your email address will not be published. Required fields are marked *