This is the built-in help made by Microsoft for the command 'Set-ADCentralAccessRule', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies a central access rule in Active Directory.
Set-ADCentralAccessRule [-Identity] <ADCentralAccessRule> [-Add <Hashtable>] [-AuthType <ADAuthType>] [-Clear <String[]>] [-Credential
<PSCredential>] [-CurrentAcl <String>] [-Description <String>] [-PassThru [<SwitchParameter>]] [-ProposedAcl <String>]
[-ProtectedFromAccidentalDeletion <Boolean>] [-Remove <Hashtable>] [-Replace <Hashtable>] [-ResourceCondition <String>] [-Server <String>]
[-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-ADCentralAccessRule [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-PassThru [<SwitchParameter>]] [-Server <String>] -Instance
<ADCentralAccessRule> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
The Set-ADCentralAccessRule cmdlet can be used to modify a central access rule in a central access policy that is stored in Active Directory.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=216407
<
-------------------------- EXAMPLE 1 --------------------------
C:\PS>$departmentResourceProperty = Get-ADResourceProperty Department
$resourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})"
Set-ADCentralAccessRule "Finance Documents Rule" -ResourceCondition $resourceCondition
Description
-----------
Set the central access rule named "Finance Documents Rule" with a new resource condition. The resource condition scopes the resources to ones
containing the value 'Finance' in their 'Department' resource property.
-------------------------- EXAMPLE 2 --------------------------
C:\PS>$countryClaimType = Get-ADClaimType Country;
$departmentClaimType = Get-ADClaimType Department;
$countryResourceProperty = Get-ADResourceProperty Country;
$departmentResourceProperty = Get-ADResourceProperty Department;
$financeException = Get-ADGroup FinanceException;
$financeAdmin = Get-ADGroup FinanceAdmin;
$resourceCondition = "(@RESOURCE." + $departmentResourceProperty.Name + " Contains {`"Finance`"})"
$currentAcl = "O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;0x1200a9;;;" + $financeException.SID.Value + ")(A;;0x1301bf;;;" +
$financeAdmin.SID.Value + ")(A;;FA;;;SY)(XA;;0x1200a9;;;AU;((@USER." + $countryClaimType.Name + " Any_of @RESOURCE." +
$countryResourceProperty.Name + ") && (@USER." + $departmentClaimType.Name + " Any_of @RESOURCE." + $departmentResourceProperty.Name + ")))";
Set-ADCentralAccessRule "Finance Documents Rule" -ResourceCondition $resourceCondition -CurrentAcl $currentAcl
Description
-----------
Set the central access rule named "Finance Documents Rule" with a new resource condition and new permissions.
The new rule specifies that documents should only be read by members of the Finance department. Members of the Finance department should only
be able to access documents in their own country. Only Finance Administrators should have write access. The rule allows an exception for
members of the FinanceException group. This group will have read access.
Targeting:
Resource.Department Contains Finance
Access rules:
Allow Read User.Country=Resource.Country AND User.department = Resource.Department
Allow Full control User.MemberOf(FinanceAdmin)
Allow Read User.Country=Resource.Country AND User.department = Resource.Department
Allow Read User.MemberOf(FinanceException)
-------------------------- EXAMPLE 3 --------------------------
C:\PS>Get-ADCentralAccessRule "Finance Documents Rule" | Set-ADCentralAccessRule -Description "For finance documents."
Description
-----------
Get the central access rule named "Finance Documents Rule", and set the description to "For finance documents."