PowerShell Logo Small


This is the built-in help made by Microsoft for the command 'Set-ADAuthenticationPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Modifies an Active Directory Domain Services authentication policy object.


Set-ADAuthenticationPolicy [-Identity] <ADAuthenticationPolicy> [-Add <Hashtable>] [-AuthType {Negotiate | Basic}] [-Clear <String[]>] [-ComputerAllowedToAuthenticateTo
<String>] [-ComputerTGTLifetimeMins <Int32>] [-Credential <PSCredential>] [-Description <String>] [-Enforce <Boolean>] [-PassThru] [-ProtectedFromAccidentalDeletion
<Boolean>] [-Remove <Hashtable>] [-Replace <Hashtable>] [-Server <String>] [-ServiceAllowedToAuthenticateFrom <String>] [-ServiceAllowedToAuthenticateTo <String>]
[-ServiceTGTLifetimeMins <Int32>] [-UserAllowedToAuthenticateFrom <String>] [-UserAllowedToAuthenticateTo <String>] [-UserTGTLifetimeMins <Int32>] [-Confirm] [-WhatIf]
Set-ADAuthenticationPolicy [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-PassThru] [-Server <String>] -Instance <ADAuthenticationPolicy> [-Confirm]
[-WhatIf] [<CommonParameters>]

Search powershellhelp.space


The Set-ADAuthenticationPolicy cmdlet modifies the properties of an Active Directory® Domain Services authentication policy. Commonly used attributes of the object can be
specified by the parameters of this cmdlet. Property values that are not associated with cmdlet parameters can be modified by using the Add, Replace, Clear and Remove

The Identity parameter specifies the Active Directory Domain Services authentication policy to modify. You can specify an authentication policy object by using a
distinguished name (DN), a GUID, or a name. You can also use the Identity parameter to specify a variable that contains an authentication policy object, or you can use the
pipeline operator to pass an authentication policy object to the Identity parameter. To get an authentication policy object, use the Get-ADAuthenticationPolicy cmdlet.

Use the Instance parameter to specify an authentication policy object to use as a template for the object being modified. Do not specify both the Instance parameter and the
Identity parameter.

For more information about how the Instance concept is used in Active Directory Domain Services cmdlets, see about_ActiveDirectory_Instance.



Online Version: http://go.microsoft.com/fwlink/p/?linkid=313377




Example 1: Modify properties of a specified authentication policy

PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy01 -Description "testDescription" -UserTGTLifetimeMins 45

This command modifies the description and the UserTGTLifetimeMins properties of the specified authentication policy.

Example 2: Modify properties of an authentication policy by using an Instance

PS C:\> $authPolicy = Get-ADAuthenticationPolicy -Identity AuthenticationPolicy02
PS C:\> $authPolicy.Description = 'testDescription'
PS C:\> $authPolicy.UserTGTLifetimeMins = 60
PS C:\> Set-ADAuthenticationPolicy -Instance $authPolicy

This example first gets the authentication policy named AuthenticationPolicy02 by using the Get-ADAuthenticationPolicy cmdlet. The authentication policy object is stored in
the variable named $authPolicy.

The next commands modify the properties of the object in the variable, and the final command specifies the Instance parameter to commit the changes to the authentication
policy stored in the $authPolicy variable.

Example 3: Modify multiple authentication policies

PS C:\> Get-ADAuthenticationPolicy -Filter 'UserTGTLifetimeMins -le 50' | Set-ADAuthenticationPolicy -UserTGTLifetimeMins 60

This command uses the Get-ADAuthenticationPolicy cmdlet with the Filter parameter to get all authentication policies that have the UserTGTLifetimeMins value set below 50
minutes. The pipeline operator then passes the result of the filter to Set-AdAuthenticationPolicy, which sets the new UserTGTLifetimeMins value to 60 minutes.

Example 4: Replace an existing property value

PS C:\> Set-ADAuthenticationPolicy -Identity AuthenticationPolicy03 -Replace @{description="New Description"}

This command replaces the existing description property for AuthenticationPolicy03 with the new description specified by the Replace parameter.