Assigns an NFC token to an Active Directory user.
Add-SystoLockNfcTokenAssignment [-Force] [[-Id] <String[]>] [-PassThru] [-Pin <String>] [-RetainPassword <Boolean>]
[[-User] <String>] [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>] [-DomainController <String>]
[-Timeout <Int32>] [<CommonParameters>]
Add-SystoLockNfcTokenAssignment [-Force] [[-InputObject] <ProximityToken>] [-PassThru] [-Pin <String>]
[-RetainPassword <Boolean>] [[-User] <String>] [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-Timeout <Int32>] [<CommonParameters>]
The Add-SystoLockNfcTokenAssignment cmdlet assigns a SystoLOCK NFC token to the specified Active Directory user.
All cmdlets that interact with the SystoLOCK service have -Address and -Timeout parameters to adjust their behavior.
You can also set the $SystoLockAddress and $SystoLockTimeout PowerShell variables or the $SystoLockAddress and $SystoLockTimeout environment variables, which let you specify these parameters as defaults.
If no parameters or environment variables are specified, the timeout defaults to 3 seconds and the address is obtained from DNS for the current domain and site.
Add-SystoLockNfcTokenAssignment -Id 'YSNF000168DD' -User Bob -Pin 123456 -PassThru
Assigns the token to the user and returns the token object.
Add-SystoLockNfcTokenAssignment -Id 'YSNF000168DD' -User Tom -Pin 123456 -RetainPassword $true -PassThru
Assigns the NFC token and keeps the user's current password and specifies that the PIN is not required.
Get-SystoLockNfcToken | Add-SystoLockNfcTokenAssignment -User Bob -Pin 121314 -PassThru
Retrieves an available NFC token and pipes it to the Active Directory user assignment command.
Get-SystoLockNfcCard | Initialize-SystoLockNfcCard | New-SystoLockNfcToken | Add-SystoLockNfcTokenAssignment -User Bob -Pin 111111 -PassThru
Retrieves an available NFC card, initializes it, creates a corresponding token object and assigns it to an Active Directory user.
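The examples above pass the PIN as a literal, which leaves it in command history and transcripts. The wrapper below is an added example, not part of the SystoLOCK module: the function name `Set-NfcTokenForUser` and the digits-only PIN rule with a minimum length are assumptions. It prompts for the PIN, omits -Force, and passes -RetainPassword $false explicitly so the SmartCard only option is enforced as described for that parameter on this page.

```powershell
# Added example: hypothetical wrapper, not part of the SystoLOCK module.
function Set-NfcTokenForUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TokenId,
        [Parameter(Mandatory)][string]$User,
        # Assumption: numeric PINs of at least this length; align with your PIN policy.
        [ValidateRange(4, 16)][int]$MinPinLength = 6
    )

    # Prompt twice so the PIN is never typed as a literal on the command line.
    $pin1 = Read-Host -Prompt "PIN for $User" -AsSecureString
    $pin2 = Read-Host -Prompt 'Repeat PIN' -AsSecureString

    # -Pin is a String parameter, so the value has to be converted just before the call.
    $plain1 = [System.Net.NetworkCredential]::new('', $pin1).Password
    $plain2 = [System.Net.NetworkCredential]::new('', $pin2).Password
    try {
        if ($plain1 -cne $plain2) { throw 'PIN entries do not match.' }
        if ($plain1.Length -lt $MinPinLength -or $plain1 -notmatch '^\d+$') {
            throw "PIN must be at least $MinPinLength digits."
        }
        if (-not $PSCmdlet.ShouldProcess($User, "Assign NFC token $TokenId")) { return }

        # -RetainPassword $false is explicit: with no value, the server keeps password
        # logon if the user already has a token with password retention.
        # -Force is omitted so the checks it overrides (last member of
        # Administrators, no UPN) stay in effect.
        $token = Add-SystoLockNfcTokenAssignment -Id $TokenId -User $User -Pin $plain1 `
            -RetainPassword $false -AuthType Kerberos -PassThru -ErrorAction Stop

        # Verify the returned token object instead of assuming success.
        if (-not $token.AssignedTo -or -not $token.IsActive) {
            throw "Token $TokenId was not returned as assigned and active."
        }
        $token | Select-Object Identifier, AssignedTo, IsActive, NotBefore, NotAfter
    }
    finally {
        # Drop the plaintext copies and release the SecureString buffers.
        $plain1 = $plain2 = $null
        $pin1.Dispose(); $pin2.Dispose()
    }
}
```

Run it with -WhatIf first to confirm the token and user without making the assignment, for example `Set-NfcTokenForUser -TokenId 'YSNF000168DD' -User Bob -WhatIf`.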
-Address: Specifies service address (optional).
Accepts a URL, a host name or a Service structure returned by a previous Get-SystoLockService call.
Type: ServiceAddress
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AuthType: Specifies the authentication method to use with the domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default method is Kerberos.
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
-DomainController: Specifies domain controller name (optional).
Accepts a domain name, a fully qualified domain name or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Force: Forces the command to create an assignment even if the user is the last member of the Administrators group or has no UPN defined.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Id: Specifies token identifier.
Type: String[]
Parameter Sets: Id
Aliases: Token, Identifier
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-InputObject: Specifies the token objects to be processed.
Type: ProximityToken
Parameter Sets: InputObject
Aliases:
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-PassThru: Returns the NFC token object.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Pin: Specifies user PIN code.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RetainPassword: If set to $true, keeps the current user password and does not enforce the SmartCard only authentication account option.
If set to $false, enforces the SmartCard only authentication account option even if the user already has tokens assigned with password retention.
If the value is not provided or is set to $null, the server will not enforce the SmartCard only authentication account option if the user already has one or more tokens with the password retention option set to $true.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Timeout: Specifies timeout (range: 1 - 30 seconds, default: 3 seconds).
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-User: Accepts user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object.
Type: String
Parameter Sets: (All)
Aliases: DistinguishedName
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Specifies one or more NFC tokens by token identifier.
Specifies NFC token object to be processed.
This cmdlet does not generate any output unless the -PassThru parameter is specified.
Identifier: token identifier.
AssignedTo: Distinguished name of a user the token is assigned to.
Algorithm: NFC token algorithm.
Type: NFC token type.
FriendlyName: token friendly name.
HasConstraints: A boolean value indicating that a token has constraints, such as lifetime or limited number of transactions allowed.
LastUsed: the time when the current token was last used.
PerformedTransactions: the number of times token has been used.
NumberOfTransactions: Maximum number of times the token is allowed to be used.
IsActive: A boolean value indicating whether the token is active, e.g. is not disabled or locked.
DisabledOn: the time when the current token has been disabled.
LockedOn: the time when the current token has been locked.
CreationTime: the time when the current token has been created.
NotAfter: the time after which the token is no longer valid.
NotBefore: the time before which the token is not yet valid.
PinlessLogin: if configured, contains PIN-less configuration properties.
Get-SystoLockNfcTokenAssignment
Remove-SystoLockNfcTokenAssignment