Revokes SystoLOCK service rights to manage accounts.
Revoke-SystoLockAccountManagementPermission [[-DistinguishedName] <String>] [-AdminSDHolder] [-DomainController <String>] [<CommonParameters>]
The Revoke-SystoLockAccountManagementPermission
cmdlet revokes SystoLOCK service rights to manage Active Directory users accounts.
PS C:\> Revoke-SystoLockAccountManagementPermission
Revokes SystoLOCK service rights to manage all users in the current Active Directory domain.
PS C:\> Revoke-SystoLockAccountManagementPermission -DistinguishedName 'CN=Dave,CN=Users,DC=corp,DC=local'
Revokes SystoLOCK service rights to manage specified Active Directory user.
PS C:\> Revoke-SystoLockAccountManagementPermission -DistinguishedName 'OU=Clients,DC=corp,DC=local'
Revokes SystoLOCK service rights to manage descendant users of a specified organizational unit.
PS C:\> Grant-SystoLockAccountManagementPermission -DistinguishedName 'CN=AdminSDHolder,CN=System,DC=corp,DC=local'
Revokes SystoLOCK service rights to manage all privileged users. The rights are revoked implicitly by modifying AdminSDHolder
container security descriptor and will be propagated to individual user accounts by the system.
Specifies the AdminSDHolder container from the current Active Directory domain as the target object.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies distinguished name of an Active Directory objects. If not specified, it defaults to the current domain distinguished name.
Type: String
Parameter Sets: (All)
Aliases: DN
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies domain controller host name or IP address.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Distinguished name.
Contain information about account management permission.
IsCanonical: boolean value indicating whether the Active Directory object has the canonical form.
IsPresent: boolean value indicating whether the Active Directory object exists.
ObjectDN: account distinguished name.
Grant-SystoLockAccountManagementPermission
Test-SystoLockAccountManagementPermission
AdminSDHolder, Protected Groups and Security Descriptor Propagator