Skip to main content

Invoke-AdmfDomain

SYNOPSIS

Brings a domain into compliance with the desired state.

SYNTAX

__AllParameterSets

Invoke-AdmfDomain [[-Server] <ComputerParameter[]>] [[-Credential] <pscredential>]
[[-Options] <UpdateDomainOptions[]>] [[-CredentialProvider] <string>] [-ContextPrompt] [-WhatIf]
[-Confirm] [<CommonParameters>]

DESCRIPTION

Brings a domain into compliance with the desired state. It implements a wide variety of settings against the targeed domain, whether it be OUs, groups, users, gpos, acls or many more items.

Note on order:

  • OU Creation and Updating should be done first, but DELETING ous (OUHard) should be one of the last operations performed.
  • Acl & Access operations should be performed last
  • Managing group policy yields best results in this order: 1. Create new GPO 2. Create Links, only disabling undesired links 3. Delete unneeded GPO 4. Delete undesired links This is due to the fact that "unneeded GPO" are detected by being linked into managed GPOs.

EXAMPLES

EXAMPLE 1

Invoke-AdmfDomain

Brings the current domain into compliance with the desired state.

PARAMETERS

-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.

Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
Aliases:
- cf
ParameterSets:
- Name: (All)
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-ContextPrompt

Force displaying the Context selection User Interface.

Type: System.Management.Automation.SwitchParameter
DefaultValue: False
SupportsWildcards: false
Aliases:
- Ctx
ParameterSets:
- Name: (All)
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Credential

The credentials to use for this operation.

Type: System.Management.Automation.PSCredential
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 1
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-CredentialProvider

The credential provider to use to resolve the input credentials. See help on Register-AdmfCredentialProvider for details.

Type: System.String
DefaultValue: default
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 3
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Options

The various operations that are supported. By default "default" operations are executed against the targeted domain.

  • Acl : The basic permission behavior of an object (e.g.: Owner, Inheritance)
  • GPLink : Manages the linking of group policies.
  • GPPermission : Managing permissions on group policy objects.
  • GroupPolicy : Deploying and updating GPOs.
  • GroupMembership : Assigning group membership
  • Group : Creating groups
  • OUSoft : Creating & modifying OUs, but not deleting them
  • OUHard : Creating, Modifying & Deleting OUs. This exists in order to be able to create new OUs, then move all objects over and only when done deleting undesired OUs. Will NOT delete OUs that contain objects.!
  • PSO : Implementing Finegrained Password Policies
  • Object : Custom AD object
    • User : Managing User objects
  • GPLinkDisable : Creating GP Links, but only disabling undesired links. This is needed in order to detect undesired GPOs to delete: Those linked when they shouldn't be!
    • GroupPolicyDelete : Deploy, update and delete Group Policy objects.
Type: ADMF.UpdateDomainOptions[]
DefaultValue: Default
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 2
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Server

The server / domain to work with.

Type: PSFramework.Parameter.ComputerParameter[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 0
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

Type: System.Management.Automation.SwitchParameter
DefaultValue: ''
SupportsWildcards: false
Aliases:
- wi
ParameterSets:
- Name: (All)
Position: Named
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.