New-ADAuthenticationPolicy



This is the built-in help made by Microsoft for the command 'New-ADAuthenticationPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates an Active Directory Domain Services authentication policy object.

SYNTAX


New-ADAuthenticationPolicy [-Name] <String> [-AuthType {Negotiate | Basic}] [-ComputerAllowedToAuthenticateTo <String>] [-ComputerTGTLifetimeMins <Int32>]
[-Credential <PSCredential>] [-Description <String>] [-Enforce] [-Instance <ADAuthenticationPolicy>] [-OtherAttributes <Hashtable>] [-PassThru]
[-ProtectedFromAccidentalDeletion <Boolean>] [-Server <String>] [-ServiceAllowedToAuthenticateFrom <String>] [-ServiceAllowedToAuthenticateTo <String>]
[-ServiceTGTLifetimeMins <Int32>] [-UserAllowedToAuthenticateFrom <String>] [-UserAllowedToAuthenticateTo <String>] [-UserTGTLifetimeMins <Int32>]
[-Confirm] [-WhatIf] [<CommonParameters>]



DESCRIPTION


The New-ADAuthenticationPolicy cmdlet creates an authentication policy object in Active Directory® Domain Services.


Commonly used attributes of the object can be specified by the parameters of this cmdlet. To set attributes for the object that are not represented by the parameters of this
cmdlet, specify the OtherAttributes parameter.


You can use the pipeline operator and the Import-Csv cmdlet to pass a list for bulk creation of objects in the directory. You can also specify a template object by using
the Instance parameter to create objects from a template.



RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=288462
Get-ADAuthenticationPolicy
Remove-ADAuthenticationPolicy
Set-ADAuthenticationPolicy

REMARKS

Examples


Example 1: Create an authentication policy with a user TGT lifetime

PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy01" -UserTGTLifetimeMins 60



This command creates an authentication policy object named AuthenticationPolicy01 and sets the TGT lifetime for a user account to 60 minutes. Because the Enforce parameter
is not specified, the authentication policy created is in audit mode.




Example 2: Create an enforced authentication policy

PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy02" -Enforce



This command creates an authentication policy named AuthenticationPolicy02 and enforces it by specifying the Enforce parameter.




Example 3: Create an authentication policy

PS C:\> New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\someFile.txt).sddl



This command creates an authentication policy named testAuthenticationPolicy. The UserAllowedToAuthenticateFrom parameter specifies the devices from which users are
allowed to authenticate, given as an SDDL string. Here the string is taken from the Sddl property of the security descriptor that Get-Acl returns for the file named someFile.txt.
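
The audit-first workflow implied by Examples 1 and 2, combined with the bulk creation mentioned under DESCRIPTION, as an added example that is not part of the Microsoft help text. The policy names, descriptions and lifetimes are constructed sample values, and -WhatIf is left on the write operations so nothing changes in the directory until it is removed.

```powershell
# Added example. Requires the ActiveDirectory module and rights to create
# authentication policy objects in the domain.
Import-Module ActiveDirectory

# Constructed sample input. In practice this would come from Import-Csv.
$rows = @'
Name,Description,UserTGTLifetimeMins
Tier0-Admins,Domain and enterprise admin accounts,120
HelpDesk-Operators,Help desk operator accounts,240
'@ | ConvertFrom-Csv

foreach ($row in $rows) {
    # CSV fields are strings, so cast the lifetime to the Int32 the cmdlet expects.
    $params = @{
        Name                            = $row.Name
        Description                     = $row.Description
        UserTGTLifetimeMins             = [int]$row.UserTGTLifetimeMins
        ProtectedFromAccidentalDeletion = $true
    }

    # -Enforce is deliberately omitted, so each policy is created in audit mode
    # and restrictions are logged rather than applied.
    New-ADAuthenticationPolicy @params -WhatIf
}

# Review which policies are still in audit mode before switching any of them over.
Get-ADAuthenticationPolicy -Filter * |
    Where-Object { -not $_.Enforce } |
    Select-Object Name, UserTGTLifetimeMins, Enforce

# After the audit period, enforce one policy at a time.
Set-ADAuthenticationPolicy -Identity 'Tier0-Admins' -Enforce $true -WhatIf
```

Creating policies in audit mode first lets you check how the TGT lifetime and any access restrictions would affect the assigned accounts before a misconfigured policy can lock administrators out.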