Synchronizes OATH token object state.
Sync-SystoLockOathToken [-Identifier] <String> [-Otp1] <String> [-Otp2] <String> [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>] [-DomainController <String>] [-Timeout <Int32>] [<CommonParameters>]
The Sync-SystoLockOathToken cmdlet synchronizes an OATH token's server-side state using two sequential one-time passwords.
OATH tokens rely on a moving factor, such as a counter (event-based) or time (time-based), to generate one-time passwords. In some cases, the moving factor on the token device can become out-of-sync with the server. For example, a child may press the button on an event-based token multiple times, advancing the counter beyond what the server expects, or a time-based token's internal clock may drift due to a battery approaching end of life. When this happens, authentication attempts will fail until the token and server states are resynchronized.
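The event-based case described above can be illustrated with the generic RFC 4226 resynchronization check. This is an added example, not SystoLOCK code: the function names, the look-ahead window of 20 and the sample secret (the RFC 4226 test key) are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

LOOK_AHEAD = 20  # assumed window size; a real server chooses its own limit


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def resync(secret: bytes, server_counter: int, otp1: str, otp2: str,
           window: int = LOOK_AHEAD):
    """Search forward from the server's counter for two consecutive matches.

    Returns the new server counter (the value the token will use next),
    or None if the pair is not found inside the look-ahead window.
    """
    # Only counters at or after the server's current value are tried, so
    # an old pair of codes cannot move the state backwards (replay).
    for c in range(server_counter, server_counter + window):
        # Requiring two sequential codes keeps a wide window safe: a
        # single 6-digit guess is far more likely to hit by chance.
        if (hmac.compare_digest(hotp(secret, c), otp1)
                and hmac.compare_digest(hotp(secret, c + 1), otp2)):
            return c + 2
    return None


if __name__ == "__main__":
    # Constructed sample: RFC 4226 test secret; the token was pressed
    # seven times without the server seeing any of the codes.
    secret = b"12345678901234567890"
    server_counter = 0
    otp1, otp2 = hotp(secret, 7), hotp(secret, 8)
    print("new server counter:", resync(secret, server_counter, otp1, otp2))
```

Each candidate counter costs HMAC computations, so the work grows with the size of the window searched.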
All cmdlets interacting with the SystoLOCK service have -Address and -Timeout parameters to adjust their behavior.
You can also set the $SystoLockAddress and $SystoLockTimeout PowerShell variables or the $SystoLockAddress and $SystoLockTimeout environment variables, which let you specify these parameters as defaults.
If no parameters or environment variables are specified, the timeout defaults to 3 seconds and the address is obtained from DNS for the current domain and site.
Sync-SystoLockOathToken -Identifier GAKT000168DE -Otp1 053722 -Otp2 368205
Synchronize a token.
Specifies the service address (optional).
Accepts a URL, a host name, or a Service structure returned by a previous Get-SystoLockService call.
Type: ServiceAddress
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the authentication method to use with the domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default method is Kerberos.
Possible values: Kerberos, Negotiate
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
Specifies the domain controller name (optional).
Accepts a domain name, a fully qualified domain name, or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the token identifier or URL.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the first one-time password.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the second one-time password.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the timeout (range: 1 - 30 seconds, default: 3 seconds).
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
This cmdlet does not accept any pipeline input.
Returns true if the token is synchronized; otherwise false.
This is a time-consuming operation.
Use only when necessary.