Set (add or remove) a trustee for a group.
Set-DRAGroupPermissions -Domain <String> [-Users <String>] [-Groups <String>] -AccessMode <Int32> -Action <Int32> -Permission <Int32> -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]
The Set-DRAGroupPermissions cmdlet sets (adds or removes) a trustee for the group named in the Identifier parameter.
Identifier: the supported format for the group identifier is the distinguished name.
Users: a semicolon-delimited list of users, each in distinguished name format.
AccessMode: 1 for GRANT ACCESS; 3 for DENY ACCESS.
Action: 0 to add to group trustees list. 1 to remove from group trustees list.
Permission: 16 READ ONLY; 32 WRITE ONLY; 48 READ and WRITE
| Attribute / Description | Required | Position | Default Value | Accept pipeline input? | Accept wildcard characters? |
|---|---|---|---|---|---|
| Users [<String>] Existing Active Directory user objects that should be added to or removed from the group permissions. The user identifier can be either the name or the distinguished name. | false | named | | true (ByPropertyName) | false |
| Groups [<String>] Existing Active Directory user objects that should be added to or removed from the group permissions. The user identifier can be either the name or the distinguished name. | false | named | | true (ByPropertyName) | false |
| AccessMode <Nullable`1> AccessMode: 1 for GRANT ACCESS; 3 for DENY ACCESS; 4 for GRANT AND DENY ACCESS. | false | named | | true (ByPropertyName) | false |
| Action <Nullable`1> Action: 0 to add to the group trustees list; 1 to remove from the group trustees list. | false | named | | true (ByPropertyName) | false |
| Permission <Nullable`1> Permission: 16 READ ONLY; 32 WRITE ONLY; 48 READ and WRITE. | false | named | | true (ByPropertyName) | false |
| Identifier <String> The name or distinguished name of an existing Active Directory object. When the name is specified, an additional call to the DRA Server is needed to obtain the distinguished name for the object. | true | named | | true (ByPropertyName) | false |
| Domain <String> The domain of the object in FQDN format. For example: mydomain.corp | true | named | | true (ByPropertyName) | false |
| DRARestServer [<String>] The name of the computer running the DRA REST Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. | false | named | | true (ByPropertyName) | false |
| DRARestPort [<Int32>] The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755. | false | named | 8755 | true (ByPropertyName) | false |
| IgnoreCertificateErrors [<SwitchParameter>] Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. | false | named | | false | false |
| Force [<SwitchParameter>] Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. | false | named | | false | false |
| Timeout [<Int32>] The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. | false | named | 100 seconds | true (ByPropertyName) | false |
| <CommonParameters> Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. | | | | | |

NOTE: For more information, type "Get-Help Set-DRAGroupPermissions -detailed". For technical information, type "Get-Help Set-DRAGroupPermissions -full".
Example 16-34 1
PS C:\>Set-DRAGroupPermissions -Domain MyDomain.corp -Identifier "CN=Group1,DC=MyDomain,DC=corp" -User "OU=User1,CN=Users,DC=MyDomain,DC=corp" -AccessMode 1 -Action 1 -Permission 48
This example removes the trustee User1 from the group named Group1. To remove the right entry, the access mode and permission you supply must exactly match those of the existing grant.
Example 16-35 2
PS C:\>Set-DRAGroupPermissions -Domain MyDomain.corp -Identifier "CN=Group1,DC=MyDomain,DC=corp" -User "OU=User1,CN=Users,DC=MyDomain,DC=corp" -AccessMode 1 -Action 0 -Permission 48
This example adds the trustee User1 to the group named Group1 with the GRANT ACCESS mode and READ and WRITE permission.
Example 16-36 3
PS C:\>Set-DRAGroupPermissions -Domain MyDomain.corp -Identifier "CN=Group1,DC=MyDomain,DC=corp" -Users "OU=User1,CN=Users,DC=MyDomain,DC=corp;OU=User2,CN=Users,DC=MyDomain,DC=corp" -AccessMode 1 -Action 0 -Permission 48
This example adds trustees User1 and User2 to the group named Group1 with the same GRANT ACCESS mode and READ and WRITE permission.
Example 16-37 4
PS C:\>Set-DRAGroupPermissions -Domain MyDomain.corp -Identifier "CN=Group1,DC=MyDomain,DC=corp" -Groups "OU=Group11,DC=MyDomain,DC=corp;OU=Group12,DC=MyDomain,DC=corp" -AccessMode 1 -Action 0 -Permission 48
This example adds trustees Group11 and Group12 to the group named Group1 with the same GRANT ACCESS mode and READ and WRITE permission.
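
The examples above pass raw integer codes, and a removal only succeeds when the access mode and permission match the existing grant. The following is an added example, not part of the DRA module or the original page: a hypothetical helper, Set-GroupTrustee, that takes named values, builds the semicolon-delimited -Users string, and never passes -IgnoreCertificateErrors or -Force. The helper name, its parameter names and the distinguished-name sanity check are assumptions.

```powershell
# Added example: hypothetical wrapper, not part of the DRA module. Codes are from this page.
$DraAccessMode = @{ Grant = 1; Deny = 3 }
$DraAction     = @{ Add = 0; Remove = 1 }
$DraPermission = @{ Read = 16; Write = 32; ReadWrite = 48 }

function Set-GroupTrustee {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [string]   $GroupDN,
        [Parameter(Mandatory)] [string[]] $UserDN,
        [Parameter(Mandatory)] [ValidateSet('Grant','Deny')]             [string] $AccessMode,
        [Parameter(Mandatory)] [ValidateSet('Add','Remove')]             [string] $Action,
        [Parameter(Mandatory)] [ValidateSet('Read','Write','ReadWrite')] [string] $Permission,
        [string] $DRARestServer = 'localhost',
        [int]    $DRARestPort   = 8755
    )
    # -Users is one semicolon-delimited string, so a ';' inside a DN is ambiguous.
    # Assumption: trustees are given as DNs that end in DC= components.
    foreach ($dn in $UserDN) {
        if ($dn -match ';' -or $dn -notmatch '^[A-Za-z]+=.+,DC=') {
            throw "Not a usable distinguished name: '$dn'"
        }
    }
    $params = @{
        Domain        = $Domain
        Identifier    = $GroupDN
        Users         = $UserDN -join ';'
        AccessMode    = $DraAccessMode[$AccessMode]
        Action        = $DraAction[$Action]
        Permission    = $DraPermission[$Permission]
        DRARestServer = $DRARestServer
        DRARestPort   = $DRARestPort
        ErrorAction   = 'Stop'
    }
    # IgnoreCertificateErrors and Force are deliberately never passed: the REST
    # certificate is validated and confirmation prompts stay in place.
    $target = "$GroupDN <- $($params.Users)"
    if ($PSCmdlet.ShouldProcess($target, "$Action trustee ($AccessMode, $Permission)")) {
        Set-DRAGroupPermissions @params
    }
}

# Sample call using the values from Example 3; -WhatIf previews without sending.
Set-GroupTrustee -Domain 'MyDomain.corp' -GroupDN 'CN=Group1,DC=MyDomain,DC=corp' `
    -UserDN 'OU=User1,CN=Users,DC=MyDomain,DC=corp','OU=User2,CN=Users,DC=MyDomain,DC=corp' `
    -AccessMode Grant -Action Add -Permission ReadWrite -WhatIf
```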