Tests whether SystoLOCK service has rights to manage accounts in Active Directory.
Test-SystoLockAccountManagementPermission [[-DistinguishedName] <String>] [-AdminSDHolder] [-DomainController <String>]
[<CommonParameters>]
The Test-SystoLockAccountManagementPermission cmdlet tests whether SystoLOCK service has rights to manage Active Directory users accounts.
PS C:\> Test-SystoLockAccountManagementPermission
Tests whether SystoLOCK service has rights to manage all users in the current Active Directory domain.
PS C:\> Test-SystoLockAccountManagementPermission -DistinguishedName 'CN=Dave,CN=Users,DC=corp,DC=local'
Tests whether SystoLOCK service has rights to manage specified Active Directory user.
PS C:\> Revoke-SystoLockAccountManagementPermission -DistinguishedName 'OU=Clients,DC=corp,DC=local'
Tests whether SystoLOCK service has rights to manage descendant users of a specified organizational unit.
PS C:\> Grant-SystoLockAccountManagementPermission -DistinguishedName 'CN=AdminSDHolder,CN=System,DC=corp,DC=local'
Tests whether SystoLOCK service has rights to manage all privileged users. The rights are tested implicitly from AdminSDHolder container security descriptor.
Specifies the AdminSDHolder container from the current Active Directory domain as the target object.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies distinguished name of an Active Directory objects. If not specified, it defaults to the current domain distinguished name.
Type: String
Parameter Sets: (All)
Aliases: DN
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies domain controller host name or IP address.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Distinguished name, Domain controller.
Contain information about account management permission.
IsCanonical: boolean value indicating whether the Active Directory object has the canonical form.
IsPresent: boolean value indicating whether the Active Directory object exists.
ObjectDN: account distinguished name.
Grant-SystoLockAccountManagementPermission
Revoke-SystoLockAccountManagementPermission