Grants SystoLOCK service rights to manage accounts.
Grant-SystoLockAccountManagementPermission [[-DistinguishedName] <String>] [-AdminSDHolder] [-DomainController <String>] [<CommonParameters>]
The Grant-SystoLockAccountManagementPermission cmdlet grants SystoLOCK service rights to manage Active Directory users accounts.
PS C:\> Grant-SystoLockAccountManagementPermission
Grants SystoLOCK service rights to manage all users in the current Active Directory domain.
PS C:\> Grant-SystoLockAccountManagementPermission -DistinguishedName 'CN=Dave,CN=Users,DC=corp,DC=local'
Grants SystoLOCK service rights to manage specified Active Directory user.
PS C:\> Grant-SystoLockAccountManagementPermission -DistinguishedName 'OU=Clients,DC=corp,DC=local'
Grants SystoLOCK service rights to manage descendant users of a specified organizational unit.
PS C:\> Grant-SystoLockAccountManagementPermission -DistinguishedName 'CN=AdminSDHolder,CN=System,DC=corp,DC=local'
Grants SystoLOCK service rights to manage all privileged users. The rights are granted implicitly by modifying AdminSDHolder container security descriptor and will be propagated to individual user accounts by the system.
Specifies the AdminSDHolder container from the current Active Directory domain as the target object.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies distinguished name of an Active Directory object. If not specified, it defaults to the current domain distinguished name.
Type: String
Parameter Sets: (All)
Aliases: DN
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies domain controller host name or IP address.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Distinguished name, Domain name.
Contain information about account management permission.
IsCanonical: boolean value indicating whether the Active Directory object has the canonical form.
IsPresent: boolean value indicating whether the Active Directory object exists.
ObjectDN: account distinguished name.
Revoke-SystoLockAccountManagementPermission
Test-SystoLockAccountManagementPermission
AdminSDHolder, Protected Groups and Security Descriptor Propagator