Assigns a token to an Active Directory user.
Add-SystoLockAssignment [[-Pin] <String>] [-Identifier] <String> [-User] <Object> [[-RetainPassword] <Boolean>]
[-Force] [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>] [-DomainController <String>]
[-Timeout <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
Add-SystoLockAssignment [[-Pin] <String>] [-Token] <OathToken> [-User] <Object> [[-RetainPassword] <Boolean>]
[-Force] [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>] [-DomainController <String>]
[-Timeout <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
The Add-SystoLockAssignment cmdlet assigns a token to the AD user.
Returns a URI string representing the assigned token.
All cmdlets interacting with the SystoLock service have -Address and -Timeout parameters to adjust their behavior.
You can also set the $SystoLockAddress and $SystoLockTimeout PowerShell variables, or the $SystoLockAddress and $SystoLockTimeout environment variables, to supply defaults for these parameters.
If no parameters or environment variables are specified, the timeout defaults to 3 seconds and the address is obtained from DNS for the current domain and site.
Add-SystoLockAssignment -Identifier GAKT000168DE -User 'CN=Alice,CN=Users,DC=company,DC=com' -Pin 123456
Assigns a token to a user, specifying user's DN.
Add-SystoLockAssignment -Identifier GAKT000168DE -User Alice -Pin 123456
Assigns a token to a user, specifying user's login name or UPN.
Add-SystoLockAssignment -Identifier GAKT000168DE -User 'Alice@company.com' -Pin 123456
Assigns a token to a user, specifying user's login name or UPN.
Add-SystoLockAssignment -Identifier GAKT000168DE -User (Get-ADUser -Identity Alice).ObjectGuid -Pin 123456
Assigns a token to a user, specifying user's GUID.
Add-SystoLockAssignment -Identifier GAKT000168DE -User (Get-ADUser -Identity Alice).SID -Pin 123456
Assigns a token to a user, specifying user's SID.
Add-SystoLockAssignment -Identifier GAKT000168DE -User (Get-ADUser -Identity Alice).SamAccountName -Pin 123456
Assigns a token to a user, specifying user's SAM account name.
Add-SystoLockAssignment -Identifier GAKT000168DE -User (Get-ADUser -Identity Alice) -Pin 123456
Assigns a token to a user, specifying an ADUser object.
$user | Add-SystoLockAssignment -Token (New-SystoLockToken) -Pin 123456
Pipe processing.
Assigns a newly generated token to an Active Directory user.
Get-SystoLockToken -Identifier GAKT000168DE | Add-SystoLockAssignment -User $user -Pin 123456
Pipe processing.
Assigns an existing token to an Active Directory user.
Add-SystoLockAssignment -Identifier GAKT000168DE -User Administrator -Force
Assigns a token to the local Administrator.
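A pilot enrollment loop built only from the cmdlets and parameters shown on this page, as an added example that is not part of the SystoLock documentation. The group name `MFA-Pilot`, the service host name and the prompt-for-PIN flow are assumptions.

```powershell
# Added example; assumes the SystoLock and ActiveDirectory modules are loaded.
# 'MFA-Pilot' and the host name below are placeholders, not values from this page.

# Session defaults, so each call does not have to repeat -Address / -Timeout.
$SystoLockAddress = 'systolock.company.com'
$SystoLockTimeout = 10   # seconds; the documented range is 1 - 30

$members = Get-ADGroupMember -Identity 'MFA-Pilot' -Recursive |
    Where-Object objectClass -eq 'user'

$results = foreach ($member in $members) {
    $user = Get-ADUser -Identity $member.SID

    # Prompt for the PIN so it is not stored in the script or in command history.
    # -Pin is a String parameter, so the SecureString is unwrapped just before use.
    $secure = Read-Host -Prompt "PIN for $($user.SamAccountName)" -AsSecureString
    $pin    = [System.Net.NetworkCredential]::new('', $secure).Password

    $params = @{
        Token          = (New-SystoLockToken)
        User           = $user
        Pin            = $pin
        RetainPassword = $true    # keep password sign-in while the pilot runs
        ErrorAction    = 'Stop'
    }
    try {
        # -Force is left out on purpose: the last-Administrators-member and
        # missing-UPN checks should stop the assignment, not be bypassed.
        $assigned = Add-SystoLockAssignment @params
        [pscustomobject]@{ User = $user.SamAccountName; Assigned = $true;  Detail = $assigned }
    }
    catch {
        [pscustomobject]@{ User = $user.SamAccountName; Assigned = $false; Detail = $_.Exception.Message }
    }
    finally {
        $pin = $null
        $params.Remove('Pin')
    }
}

$results | Format-Table -AutoSize
```

Accounts reported with `Assigned = $false` are the ones to review by hand before deciding whether `-Force` is justified for them.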
Specifies service address (optional).
Accepts a URL, a host name or a Service structure returned by a previous Get-SystoLockService call.
Type: ServiceAddress
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the authentication method to use with the domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default method is Kerberos.
Possible values: Kerberos, Negotiate
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
Specifies domain controller name (optional).
Accepts a domain name, a fully qualified domain name or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Forces the command to create an assignment even if the user is the last member of the Administrators group or has no UPN defined.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Token ID or URL.
Type: String
Parameter Sets: Identifier
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies user PIN code.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
If set to $true, keeps the current user password and does not enforce the SmartCard only authentication account option.
If set to $false, enforces the SmartCard only authentication account option even if the user already has tokens assigned with password retention.
If the value is not provided or is set to $null, the server will not enforce the SmartCard only authentication account option if the user already has one or more tokens with the password retention option set to $true.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies timeout (range: 1 - 30 seconds, default: 3 seconds).
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies OathToken structure.
Type: OathToken
Parameter Sets: Token
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
Accepts user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object.
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Specifies user PIN code.
Specifies OathToken structure.
Token ID or URL.
Accepts user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object.
If set to $true, keeps the current user password and does not enforce the SmartCard only authentication account option.
If set to $false, enforces the SmartCard only authentication account option even if the user already has tokens assigned with password retention.
If the value is not provided or is set to $null, the server will not enforce the SmartCard only authentication account option if the user already has one or more tokens with the password retention option set to $true.
Forces the command to create an assignment even if the user is the last member of the Administrators group or has no UPN defined.
Represents user-token assignment information.
String[] Tokens: Array of user's token identifiers
String User: Active Directory user identifier
Accepts a user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object to associate the user with a token.