Creates a group rule in the specified ActiveView.
New-DRAGroupRule -ActiveView <String> -Name <String> [-Exclude <SwitchParameter>] [-ExcludeChildOUs <SwitchParameter>] [-RestrictUsageOnlyAllow <SwitchParameter>] [-RestrictUsageDoNotAllow <SwitchParameter>] [-Comment <String>] [-Object <String>] [-ObjectMatchProperty <String>] [-NestedMembership <SwitchParameter>] [-MembersOnly <SwitchParameter>] [-GroupsMatch <String>] [-MemberTypes <String[]>] [-GroupTypes <String>] [-GroupScopes <String[]>] [-OU <String>] [-OUMatchProperty <String>] [-Domain <String>] [-DomainMatchProperty <String>] [-MemberServer <SwitchParameter>] [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]
The New-DRAGroupRule cmdlet creates the requested group rule in the specified ActiveView. You must have the appropriate powers, such as those included in the Manage Security Model role to run this cmdlet.
Attribute / Description |
Parameters / Values |
||||
---|---|---|---|---|---|
Required |
Position |
Default Value |
Accept Pipeline input? |
Accept wildcard characters? |
|
ActiveView <String> Name of the ActiveView to add the rule to. |
true |
named |
true (ByPropertyName) |
false |
|
Name <String> Name of the ActiveView rule to be created. |
true |
named |
true (ByPropertyName) |
false |
|
Exclude [<SwitchParameter>] Specifies whether the ActiveView rule includes or excludes objects. By default, objects are included in the ActiveView rule. |
false |
named |
true (ByPropertyName) |
false |
|
RestrictUsageOnlyAllow [<SwitchParameter>] Enables the objects included in the ActiveView rule to be cloned, moved, or added to other groups. If the value for the RestrictUsageOnlyAllow parameter is true, the cmdlet ignores the value that is specified for the RestrictUsageDoNotAllow parameter. The default value is false. |
false |
named |
true (ByPropertyName) |
false |
|
RestrictUsageDoNotAllow [<SwitchParameter>] Restricts the objects included in the ActiveView rule from being cloned, moved, or added to groups. The default value is false. |
false |
named |
true (ByPropertyName) |
false |
|
Comment [<String>] Specifies additional information about the ActiveView rule. |
false |
named |
true (ByPropertyName) |
false |
|
Object [<String>] The objects to be included in the ActiveView rule. By default, all objects are included in the ActiveView rule. |
false |
named |
true (ByPropertyName) |
false |
|
ObjectMatchProperty [<String>] The object property to use when searching for objects. The value can be userPrincipalName, samAccountName, McsNameValue or McsPath. |
false |
named |
true (ByPropertyName) |
false |
|
NestedMembership [<SwitchParameter>] Specifies whether to include nested groups when searching for objects. By default, nested groups are included. |
false |
named |
true (ByPropertyName) |
false |
|
MembersOnly [<SwitchParameter>] Specifies whether to include only member objects from the matching groups or include both member objects and groups. By default, both groups and member objects are included. |
false |
named |
|
true (ByPropertyName) |
false |
GroupsMatch [<String>] The groups to include when searching for objects. You can specify the exact group name or a wildcard value. |
false |
named |
true (ByPropertyName) |
false |
|
MemberTypes [<String[]>] The type of member object that is managed by the rule. This parameter can have the following values:
You can specify more than one value separated by a comma. If you specify NONE, the rule includes only groups. By default, the rule includes all member objects. |
|
|
|
|
|
GroupTypes [<String>] The type of group that is managed by the rule. This parameter can have the following values:
|
false |
named |
|
true (ByPropertyName) |
false |
GroupScopes [<String[]>] The scope of group that is managed by the rule. This parameter can have the following values:
You can specify more than one value separated by a comma. By default, the rule includes all group scopes. |
false |
named |
|
true (ByPropertyName) |
false |
OU [<String>] The OU name to use when searching for objects. You can specify the exact OU name or a wildcard value. |
false |
named |
true (ByPropertyName) |
false |
|
OUMatchProperty [<String>] The OU property to use when searching for objects. The value can be McsNameValue or McsPath. |
false |
named |
true (ByPropertyName) |
false |
|
ExcludeChildOUs [<SwitchParameter>] A switch parameter to request that the search exclude child organizational units. By default, child OUs are included. |
false |
named |
true (ByPropertyName) |
false |
|
Domain [<String>] The name of the domain to use when searching for objects. You can specify the exact domain name or a wildcard value. |
false |
named |
true (ByPropertyName) |
false |
|
DomainMatchProperty [<String>] The domain property to use when searching for objects. The value can be McsNameValue or McsPath. |
false |
named |
true (ByPropertyName) |
false |
|
MemberServer [<SwitchParameter>] A switch parameter to request that the search include member servers when searching for objects. The default value is false. The search operation uses the values specified in the Domain and DomainMatchProperty parameters as the search criteria. |
false |
named |
true (ByPropertyName) |
false |
|
DRARestServer [<String>] The name of the computer running the DRA REST Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. |
false |
named |
|
true (ByPropertyName) |
false |
DRARestPort [<Int32>] The port number of the DRA REST Service. This parameter is only used when the DRARestServer parameter is also specified. If the parameter is not specified, the value defaults to 8755. |
false |
named |
8755 |
true (ByPropertyName) |
false |
IgnoreCertificateErrors [<SwitchParameter>] Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. |
false |
named |
|
false |
false |
Force [<SwitchParameter>] Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. |
false |
named |
|
false |
false |
Timeout [<Int32>] The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. |
false |
named |
100 seconds |
true (ByPropertyName) |
false |
<CommonParameters> Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. |
|
|
|
|
|
NOTE:For more information, type "Get-Help New-DRAGroupRule -detailed". For technical information, type "Get-Help New-DRAGroupRule -full".
Example 10-26 1
PS C:\>New-DRAGroupRule -Name "DRA Rule" -ActiveView "My AV" -Object "*" -OU "*" -Domain "*" -GroupTypes "Security" -GroupScopes "U"
This example creates a group rule named "DRA Rule" in an existing ActiveView named "My AV" with a list of members from all universal security groups in any OU, and in any domain.