Create a new account lifecycle policy.
New-DSAccountLifecyclePolicyInfo [-Source <AccountLifecyclePolicyProviderMode>]
[-PolicyType <AccountLifecyclePolicyType>] [<CommonParameters>]
New-DSAccountLifecyclePolicyInfo -PolicyID <guid> [<CommonParameters>]
Create a new account lifecycle policy in a PowerShell-friendly format that can be used when initializing or updating PAM providers. To modify specific settings on the policy, it is necessary to modify properties on the returned object.
Password template: First set $policy.Policy.PasswordTemplate.Mode = 'Custom'.
Assign a password template ID to $policy.Policy.PasswordTemplate.TemplateID (obtained from Get-DSPasswordPolicy).
Password reset: Configure automatic password rotation by setting $policy.Policy.PasswordReset.ScheduleMode = 'Custom'.
Specify the frequency with $policy.Policy.PasswordReset.ScheduleFrequency.
Set the unit with $policy.Policy.PasswordReset.ScheduleFrequencyUnit (Day, Hour, etc.).
Optionally set the time with $policy.Policy.PasswordReset.ScheduleAtDateTime.
Propagation scripts: Configure password propagation by setting $policy.Policy.Propagation.Mode = 'Custom'.
Assign script IDs to $policy.Policy.Propagation.ScriptConfigurationIds (obtained from Get-DSScriptConfigurationSummary).
PS C:\> $template = Get-DSPasswordPolicy -Name "Strong Password"
PS C:\> $script = Get-DSScriptConfigurationSummary -Name "My Propagation Script"
PS C:\> $policy = New-DSAccountLifecyclePolicyInfo -Source Custom -PolicyType Custom
PS C:\> $gateway = Get-DSGateway -Name 'MyGateway'
PS C:\> $policy.Policy.PasswordTemplate.Mode = 'Custom'
PS C:\> $policy.Policy.PasswordTemplate.TemplateID = $template.ID
PS C:\> $policy.Policy.CheckInAction.Mode = 'Custom'
PS C:\> $policy.Policy.CheckInAction.Actions = @('ResetPassword')
PS C:\> $policy.Policy.PasswordReset.ScheduleMode = 'Custom'
PS C:\> $policy.Policy.PasswordReset.ScheduleFrequency = 30
PS C:\> $policy.Policy.PasswordReset.ScheduleFrequencyUnit = 'Day'
PS C:\> $policy.Policy.PasswordReset.ScheduleAtDateTime = Get-Date -Hour 14 -Minute 0 -Second 0
PS C:\> $policy.Policy.Propagation.Mode = 'Custom'
PS C:\> $policy.Policy.Propagation.ScriptConfigurationIds = @($script.ID)
PS C:\> New-DSPamProvider -Name "MyProvider" -CredentialType DomainUser -DomainName "mydomain.loc" -Username "admin" -Password "P@ssw0rd" -AccountLifecyclePolicy $policy -Gateway $gateway
Create a PAM provider with a custom account lifecycle policy and initialize multiple properties to custom values. Note: 'ResetPassword' in CheckInAction.Actions corresponds to the 'Password rotation' option in the UI.
PS C:\> $customPolicy = Get-DSAccountLifecyclePolicy -Name "My Custom Policy"
PS C:\> $policy = New-DSAccountLifecyclePolicyInfo -PolicyID $customPolicy.ID
PS C:\> New-DSPamProvider -Name "MyProvider" -CredentialType DomainUser -DomainName "mydomain.loc" -Username "admin" -Password "P@ssw0rd" -AccountLifecyclePolicy $policy
Create a PAM provider using an existing account lifecycle policy.
Source is automatically set to Custom.
The ID of an existing account lifecycle policy.
The new policy will use this policy's settings.
The Source of the returned policy is automatically set to Custom.
Type: System.Guid
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: GetByID
Position: Named
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
The policy type (Default or Custom). This will set the returned object's PolicyID field to an equivalent value.
Type: RemoteDesktopManager.PowerShellModule.Private.enums.AccountLifecyclePolicyType
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: Type
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
The policy source (Default, Custom, or None)
Type: RemoteDesktopManager.PowerShellModule.Private.enums.AccountLifecyclePolicyProviderMode
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: Type
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
For more information, type "Get-Help New-DSAccountLifecyclePolicyInfo -detailed". For technical information, type "Get-Help New-DSAccountLifecyclePolicyInfo -full".
Partagez vos commentaires