PowerShell Logo Small

Set-ADAuthenticationPolicy



This is the built-in help made by Microsoft for the command 'Set-ADAuthenticationPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies an Active Directory Domain Services authentication policy object.

SYNTAX


Set-ADAuthenticationPolicy [-Identity] <ADAuthenticationPolicy> [-Add <Hashtable>] [-AuthType {Negotiate | Basic}] [-Clear <String[]>] [-ComputerAllowedToAuthenticateTo
<String>] [-ComputerTGTLifetimeMins <Int32>] [-Credential <PSCredential>] [-Description <String>] [-Enforce <Boolean>] [-PassThru] [-ProtectedFromAccidentalDeletion
<Boolean>] [-Remove <Hashtable>] [-Replace <Hashtable>] [-Server <String>] [-ServiceAllowedToAuthenticateFrom <String>] [-ServiceAllowedToAuthenticateTo <String>]
[-ServiceTGTLifetimeMins <Int32>] [-UserAllowedToAuthenticateFrom <String>] [-UserAllowedToAuthenticateTo <String>] [-UserTGTLifetimeMins <Int32>] [-Confirm] [-WhatIf]
[<CommonParameters>]
Set-ADAuthenticationPolicy [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-PassThru] [-Server <String>] -Instance <ADAuthenticationPolicy> [-Confirm]
[-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADAuthenticationPolicy cmdlet modifies the properties of an Active Directory® Domain Services authentication policy. Commonly used attributes of the object can be
specified by the parameters of this cmdlet. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove
parameters.


The Identity parameter specifies the Active Directory Domain Services authentication policy to modify. You can specify an authentication policy object by using a
distinguished name (DN), a GUID, or a name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the
pipeline operator to pass an authentication policy object to the Identity parameter. To get an authentication policy object, use the Get-ADAuthenticationPolicy cmdlet.


Use the Instance parameter to specify an authentication policy object to use as a template for the object being modified. Do not specify both the Instance parameter and the
Identity parameter.


For more information about how the Instance concept is used in Active Directory Domain Services cmdlets, see about_ActiveDirectory_Instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=313377
Get-ADAuthenticationPolicy
New-ADAuthenticationPolicy
Remove-ADAuthenticationPolicy

REMARKS

<

Examples


Example 1: Modify properties of a specified authentication policy

PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy01 -Description "testDescription" -UserTGTLifetimeMins 45



This command modifies the description and the UserTGTLifetimeMins properties of the specified authentication policy.




Example 2: Modify properties of an authentication policy by using an Instance

PS C:\> $authPolicy = Get-ADAuthenticationPolicy -Identity AuthenticationPolicy02
PS C:\> $authPolicy.Description = 'testDescription'
PS C:\> $authPolicy.UserTGTLifetimeMins = 60
PS C:\> Set-ADAuthenticationPolicy -Instance $authPolicy



This example first gets the authentication policy named AuthenticationPolicy02 by using the Get-ADAuthenticationPolicy cmdlet. The authentication policy object is stored in
the variable named $authPolicy.

The next commands modify the properties of the object in the variable, and the final command specifies the Instance parameter to commit the changes to the authentication
policy stored in the $authPolicy variable.




Example 3: Modify multiple authentication policies

PS C:\> Get-ADAuthenticationPolicy -Filter 'UserTGTLifetimeMins -le 50' | Set-ADAuthenticationPolicy -UserTGTLifetimeMins 60



This command uses the Get-ADAuthenticationPolicy cmdlet with the Filter parameter to get all authentication policies that have the UserTGTLifetimeMins value set below 50
minutes. The pipeline operator then passes the result of the filter to Set-AdAuthenticationPolicy, which sets the new UserTGTLifetimeMins value to 60 minutes.




Example 4: Replace an existing property value

PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy03 -Replace @{description="New Description"}



This command replaces the existing description property for AuthenticationPolicy03 with the new description specified by the Replace parameter.