Removes mapping of SIDs from untrusted forest to SID from PDS forest.
Remove-AdmPwdPdsSidMapping [-Pds] <PdsEndpoint> [-PrimarySid] <SecurityIdentifier> [<CommonParameters>]
Remove-AdmPwdPdsSidMapping [-PdsName] <String> [-PrimarySid] <SecurityIdentifier> [<CommonParameters>]
PDS supports management of untrusted forests. However, for management of untrusted forests, the following prerequisites must be configured:
- Explicit credentials for PDS to use when accessing intrusted forest
- Mapping of SID from untrusted forest to SIDs from PDS forests.
SID mappings are used for access control - User who wants to read or reset password must have his/her own SID (own SID or SID of group he/she is member of) 'paired' with SID that has been delegated the permission for password read/reset in untrusted forest.
SID mapping is used to establish this pairing of SIDs.
Configuration is stored in PDS.config file. This command removes matching entry from configuration.
Get-AdmPwdPds | Remove-AdmPwdPdsSidMapping -PrimarySid $primarySid
Gets list of all PDS instances discovered and removes definition SID mapping.
Note: Mapping is identified by PrimarySid
Instance of PDS as returned by Get-AdmPwdPds command
Type: PdsEndpoint Parameter Sets: Pds Aliases: Required: True Position: 0 Default value: None Accept pipeline input: True (ByValue) Accept wildcard characters: False
Name of instance of PDS - DNS name of machine hosting PDS service
Type: String Parameter Sets: PdsName Aliases: Required: True Position: 0 Default value: None Accept pipeline input: True (ByValue) Accept wildcard characters: False
Sid from untrusted forest.
This is SID of principal that is delegated permission to read/reset password in untrusted forest.
Type: SecurityIdentifier Parameter Sets: (All) Aliases: Required: True Position: 1 Default value: None Accept pipeline input: False Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Caller has to be member of PDS administrators role. If not member, Access Denied error is returned.