Removes OATH token assignment.
Remove-SystoLockOathTokenAssignment [-Identifier] <String[]> [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-Timeout <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Remove-SystoLockOathTokenAssignment [-User] <Object[]> [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-Timeout <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
The Remove-SystoLockOathTokenAssignment cmdlet removes one or all OATH token assignments from an Active Directory user.
All cmdlets interacting with SystoLOCK service have -Address and -Timeout parameters to adjust their behavior.
You can also set $SystoLockAddress and $SystoLockTimeout PowerShell variables or $SystoLockAddress and $SystoLockTimeout environment variables which let you specify these parameters as defaults.
If no parameters or environment variables are specified, the timeout defaults to 3 seconds and the address is obtained from DNS for current domain and site.
Remove-SystoLockOathTokenAssignment -Identifier GAKT000168DE
Removes a single OATH token assignment using token identifier.
Remove-SystoLockOathTokenAssignment -Identifier GAKT000168DD, GAKT000168DE, GAKT000168DF
Removes multiple OATH token assignments using token identifiers.
Remove-SystoLockOathTokenAssignment -User 'CN=Alice,CN=Users,DC=company,DC=com'
Removes all OATH token assignments from a user specified by their distinguished name (DN).
Remove-SystoLockOathTokenAssignment -User Alice
Removes all OATH token assignments from a user specified by their name.
Remove-SystoLockOathTokenAssignment -User 'company.com\Alice'
Removes all OATH token assignments from a user specified by their SAM account name.
Remove-SystoLockOathTokenAssignment -User 'Alice@company.com'
Removes all OATH token assignments from a user specified by their principal name.
Remove-SystoLockOathTokenAssignment -User (Get-ADUser -Identity Alice).ObjectGuid
Removes all OATH token assignments from a user specified by their global unique identifier (GUID).
Remove-SystoLockOathTokenAssignment -User (Get-ADUser -Identity Alice).SID
Removes all OATH token assignments from a user specified by their security identifier (SID).
Remove-SystoLockOathTokenAssignment -User (Get-ADUser -Identity Alice)
Removes all OATH token assignments from a user specified by Active Directory object.
Remove-SystoLockOathTokenAssignment -User 'John@company.com', 'company.com\Paul'
Remove all OATH token assignments from a multiple users.
Get-ADUser -Filter { Surname -eq 'Smith' } | Remove-SystoLockOathTokenAssignment
Finds Active Directory users matching specified criteria and remove all their OATH token assignments.
Specifies service address (optional).
Accepts an URL, a host name or a Service structure returned by previous Get-SystoLockService call.
Type: ServiceAddress
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies authentication method to use with domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default method is Kerberos.
Possible values: Kerberos, Negotiate
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies domain controller name (optional).
Accepts a domain name, a fully qualified domain name or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies token identifier or URL.
Type: String[]
Parameter Sets: Identifier
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Specifies timeout (range: 1 - 30 seconds, default: 3 seconds).
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Accepts user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object array.
Type: Object[]
Parameter Sets: User
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Specifies token identifier or URL.
Accepts user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object array.
This operation requires your confirmation.
See <CommonParameters> manual (http://go.microsoft.com/fwlink/?LinkID=113216) for more details.
Accepts a user name, distinguished name, principal name, SAM account name, GUID, SID or ADUser object to associate the user with a token.
Add-SystoLockOathTokenAssignment
Get-SystoLockOathTokenAssignment