-
Notifications
You must be signed in to change notification settings - Fork 139
ADForestProperties
dscbot edited this page Aug 24, 2023
·
4 revisions
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Credential | Write | PSCredential | Specifies the user account credentials to use to perform this task. | |
| ForestName | Key | String | Specifies the target Active Directory forest for the change. | |
| ServicePrincipalNameSuffix | Write | StringArray[] | Specifies the Service Principal Name (SPN) Suffix(es) to be explicitly defined in the forest and replace existing Service Principal Names. Cannot be used with ServicePrincipalNameSuffixToAdd or ServicePrincipalNameSuffixToRemove. | |
| ServicePrincipalNameSuffixToAdd | Write | StringArray[] | Specifies the Service Principal Name (SPN) Suffix(es) to be added to the forest. Cannot be used with ServicePrincipalNameSuffix. | |
| ServicePrincipalNameSuffixToRemove | Write | StringArray[] | Specifies the Service Principal Name (SPN) Suffix(es) to be removed from the forest. Cannot be used with ServicePrincipalNameSuffix. | |
| TombStoneLifetime | Write | SInt32 | Specifies the AD Tombstone lifetime which determines how long deleted items exist in Active Directory before they are purged. | |
| UserPrincipalNameSuffix | Write | StringArray[] | Specifies the User Principal Name (UPN) Suffix(es) to be explicitly defined in the forest and replace existing User Principal Names. Cannot be used with UserPrincipalNameSuffixToAdd or UserPrincipalNameSuffixToRemove. | |
| UserPrincipalNameSuffixToAdd | Write | StringArray[] | Specifies the User Principal Name (UPN) Suffix(es) to be added to the forest. Cannot be used with UserPrincipalNameSuffix. | |
| UserPrincipalNameSuffixToRemove | Write | StringArray[] | Specifies the User Principal Name (UPN) Suffix(es) to be removed from the forest. Cannot be used with UserPrincipalNameSuffix. |
The ADForestProperties DSC resource will manage forest wide settings within an Active Directory forest. These include User Principal Name (UPN) suffixes, Service Principal Name (SPN) suffixes and the tombstone lifetime.
- Target machine must be running Windows Server 2008 R2 or later.
This configuration will manage the Service and User Principal name suffixes in the forest by replacing any existing suffixes with the ones specified in the configuration.
Configuration ADForestProperties_ReplaceForestProperties_Config
{
Import-DscResource -ModuleName ActiveDirectoryDsc
node 'localhost'
{
ADForestProperties 'contoso.com'
{
ForestName = 'contoso.com'
UserPrincipalNameSuffix = 'fabrikam.com', 'industry.com'
ServicePrincipalNameSuffix = 'corporate.com'
}
}
}This configuration will manage the Service and User Principal name suffixes in the forest by adding and removing the desired suffixes. This will not overwrite existing suffixes in the forest.
Configuration ADForestProperties_AddRemoveForestProperties_Config
{
Import-DscResource -ModuleName ActiveDirectoryDsc
node localhost
{
ADForestProperties 'ContosoProperties'
{
ForestName = 'contoso.com'
ServicePrincipalNameSuffixToAdd = 'test.net'
ServicePrincipalNameSuffixToRemove = 'test.com'
UserPrincipalNameSuffixToAdd = 'cloudapp.net', 'fabrikam.com'
UserPrincipalNameSuffixToRemove = 'pester.net'
}
}
}This configuration will manage the Tombstone Lifetime setting of the Active Directory forest.
Configuration ADForestProperties_TombstoneLifetime_Config
{
Import-DscResource -ModuleName ActiveDirectoryDsc
node localhost
{
ADForestProperties 'ContosoProperties'
{
ForestName = 'contoso.com'
TombstoneLifetime = 200
}
}
}- ADComputer
- ADDomain
- ADDomainController
- ADDomainControllerProperties
- ADDomainDefaultPasswordPolicy
- ADDomainFunctionalLevel
- ADDomainTrust
- ADFineGrainedPasswordPolicy
- ADForestFunctionalLevel
- ADForestProperties
- ADGroup
- ADKDSKey
- ADManagedServiceAccount
- ADObjectEnabledState
- ADObjectPermissionEntry
- ADOptionalFeature
- ADOrganizationalUnit
- ADReplicationSite
- ADReplicationSiteLink
- ADReplicationSubnet
- ADServicePrincipalName
- ADUser
- Home
- WaitForADDomain