Add-AdmPwdPdsSupportedForest
SYNOPSIS
Registers a supported AD forest for management in the PDS configuration (optionally with connection credentials for the forest).
SYNTAX
Pds
Add-AdmPwdPdsSupportedForest [-Pds] <PdsEndpoint> [-ForestName] <String> [[-Credential] <PSCredential>] [[-KeyId] <UInt32>] [-OverrideForestName] [<CommonParameters>]
PdsName
Add-AdmPwdPdsSupportedForest [-PdsName] <String> [-ForestName] <String> [[-Credential] <PSCredential>] [[-KeyId] <UInt32>] [-OverrideForestName] [<CommonParameters>]
DESCRIPTION
PDS supports management of untrusted forests. However, to manage an untrusted forest, the following prerequisites must be configured:
- Explicit credentials for PDS to use when accessing the untrusted forest
- Mapping of SIDs from the untrusted forest to SIDs from PDS forests
To manage an untrusted AD forest, connection credentials are required.
To manage a trusted AD forest, connection credentials are optional.
To manage SID mappings for an untrusted forest, see the Add-AdmPwdPdsSidMapping command.
EXAMPLES
Example 1
# Collect connection credentials
$creds = Get-Credential
# Configure supported forest on all PDS instances
Get-AdmPwdPds | Add-AdmPwdPdsSupportedForest -ForestName 'MyRemoteForest.com' -Credential $creds
Gets the list of all discovered PDS instances and adds a definition of the supported AD forest, with explicit connection credentials, to each of them. The credentials are encrypted in the PDS configuration file with the most recent PDS encryption key. The connection credentials must have permissions delegated in the untrusted forest via the Set-AdmPwdPdsPermission command.
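The following is an added example, not part of the original product documentation. It registers one trusted and one untrusted forest on a single PDS instance addressed by name, using only the cmdlet and parameters documented on this page. The host name, forest names and key ID are constructed placeholders.

```powershell
# Constructed placeholder values; replace with names from your own environment.
$pdsName         = 'pds01.corp.example'   # DNS name of the machine hosting the PDS service
$trustedForest   = 'trusted.example'      # forest trusted by the PDS forest
$untrustedForest = 'untrusted.example'    # forest with no trust to the PDS forest
$keyId           = [uint32]1              # assumed ID of an existing PDS encryption key

try {
    # Trusted forest: connection credentials are optional, so none are stored.
    Add-AdmPwdPdsSupportedForest -PdsName $pdsName -ForestName $trustedForest -ErrorAction Stop

    # Untrusted forest: connection credentials are required.
    # Get-Credential prompts interactively, so the password is never written
    # into the script or the command history.
    $creds = Get-Credential -Message "Account PDS uses to connect to $untrustedForest"

    # -KeyId pins the key that protects the credentials in the PDS configuration
    # file; omit it to let PDS use the latest encryption key.
    Add-AdmPwdPdsSupportedForest -PdsName $pdsName -ForestName $untrustedForest `
        -Credential $creds -KeyId $keyId -ErrorAction Stop
}
catch {
    # A caller outside the PDS administrators role gets an Access Denied error here.
    Write-Error "Forest registration on $pdsName failed: $($_.Exception.Message)"
}
```

The untrusted forest still needs its SID mappings (Add-AdmPwdPdsSidMapping), and the connection account needs permissions delegated via Set-AdmPwdPdsPermission.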
PARAMETERS
-Pds
Instance of PDS as returned by Get-AdmPwdPds command
Type: PdsEndpoint
Parameter Sets: Pds
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-PdsName
Name of instance of PDS - DNS name of machine hosting PDS service
Type: String
Parameter Sets: PdsName
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-ForestName
DNS name of remote AD forest.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Credential
Credential to use when PDS connects to AD forest being added.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-KeyId
ID of key that will be used to protect connection credentials in PDS configuration file.
Default: null (which means that PDS will automatically use latest encryption key)
Type: UInt32
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OverrideForestName
Do not specify unless you know what you're doing or product support asks you to do so.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
AdmPwd.Types.PdsEndpoint
System.Management.Automation.PSCredential
System.String
System.UInt32
OUTPUTS
AdmPwd.Types.SupportedForest
NOTES
The caller has to be a member of the PDS administrators role. If the caller is not a member, an Access Denied error is returned.