Set-ADForest

Modify an AD forest.

Syntax
      Set-ADForest [-Identity] ADForest
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-PassThru] [-Server string]
               [-SPNSuffixes hashtable] [-UPNSuffixes hashtable] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1).
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with the drive is the default.

       Type a user name, such as "User64" or "Domain64\User64", or specify a
       PSCredential object such as one generated by Get-Credential.

       If a user name is specified, the cmdlet will prompt for a password.

   -Identity ADForest
       An AD Forest object.
       This may be given as:
          Fully qualified domain name: corp.SS64.com
          GUID (objectGUID): 539c5d2e-e75d-4d20-8a42-033d96465f68
          DNS host name:     dnsServer.corp.SS64.com
          NetBIOS name:      SS64

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADForest object may also be passed through the pipeline or set via a variable.

   -PassThru
       Return the new or modified object.
       By default (i.e. if -PassThru is not specified), this cmdlet does not generate any output.

   -Server string
       The AD Domain Services instance to connect to. This may be a fully qualified domain name,
       a NetBIOS name, or a fully qualified directory server name (with or without a port number).

   -SPNSuffixes hashtable
       Modify the list of Service Principal Name (SPN) suffixes of the forest.
       (sets the multi-valued msDS-SPNSuffixes property of the cross-reference container.)
       Use the following syntax to add, remove, replace, or clear SPN suffix values:

          -SPNSuffixes @{Add=value1,value2,...}
          -SPNSuffixes @{Remove=value3,value4,...}
          -SPNSuffixes @{Replace=value1,value2,...}
          -SPNSuffixes $null
        
       Specify more than one change in a single hashtable, separating the operations with semicolons.
       For example:
          @{Add=value1,value2,...;Remove=value3,value4,...}
        
       Operators will be applied in the sequence: Remove, Add, Replace, then Clear.
        
       Example:
          -SPNSuffixes @{Add="SS64Europe","SS64Asia";Remove="SS64"}

   -UPNSuffixes hashtable
       Modify the list of User Principal Name (UPN) suffixes of the forest.
       (sets the multi-valued msDS-UPNSuffixes property of the cross-reference container.)
       This parameter uses the same syntax as -SPNSuffixes above.

Set-ADForest modifies the properties of an AD forest. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified with the -Add, -Replace, -Clear and -Remove parameters.

The -Identity parameter specifies the AD forest to modify. You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name. You can also set the -Identity parameter to an object variable or through the pipeline.

The -Instance parameter provides a way to update a forest object by applying the changes made to a copy of the object. When you set the -Instance parameter to a copy of an AD forest object that has been modified, the Set-ADForest cmdlet makes the same changes to the original forest object. To get a copy of the object to modify, use the Get-ADForest cmdlet.

Example: Modify the UPNSuffixes property for the SS64.com forest by first modifying a local instance of the SS64.com forest, then setting the -Instance parameter to the local instance:

$forest = Get-ADForest -Identity SS64.com
$forest.UPNSuffixes = "SS64.com","SS64","corp.SS64.com"
Set-ADForest -Instance $forest

The -Identity parameter is not allowed when you use the -Instance parameter.

Examples

Set the UPNSuffixes property on the SS64.com forest:

PS C:\> Set-ADForest -Identity SS64.com -UPNSuffixes @{replace="SS64.com","SS64","corp.SS64.com"}

Add corp.SS64.com to the SPNSuffixes property on the forest SS64.com:

PS C:\> Set-ADForest -Identity SS64.com -SPNSuffixes @{add="corp.SS64.com"}

Get the forest of the current logged on user and clear the UPNSuffixes property:

PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes $null
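
An added example, not part of the original page: reconcile the forest's UPN suffixes against an approved list, sending Add and Remove in one hashtable and using -PassThru to capture the result for a change record. The function names Get-SuffixDelta and Sync-ForestUpnSuffix and the approved list are assumptions made for illustration.

```powershell
# Added example, not from the original page. Function names are hypothetical.
function Get-SuffixDelta {
    param([string[]]$Current, [string[]]$Approved)
    # -notin compares strings case-insensitively, matching DNS suffix semantics.
    [pscustomobject]@{
        Add    = @($Approved | Where-Object { $_ -and $_ -notin $Current })
        Remove = @($Current  | Where-Object { $_ -and $_ -notin $Approved })
    }
}

function Sync-ForestUpnSuffix {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Forest,
        [Parameter(Mandatory)][string[]]$Approved
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $before = Get-ADForest -Identity $Forest -ErrorAction Stop
    $delta  = Get-SuffixDelta -Current @($before.UPNSuffixes) -Approved $Approved

    # One hashtable carries both operations; empty operations are left out.
    $change = @{}
    if ($delta.Add.Count)    { $change['Add']    = $delta.Add }
    if ($delta.Remove.Count) { $change['Remove'] = $delta.Remove }
    if ($change.Count -eq 0) {
        Write-Verbose "No drift in UPN suffixes for $($before.Name)"
        return
    }

    $what = "add [$($delta.Add -join ', ')], remove [$($delta.Remove -join ', ')]"
    if ($PSCmdlet.ShouldProcess($before.Name, "Change UPN suffixes: $what")) {
        # -PassThru returns the modified forest, so the result can be logged.
        $after = Set-ADForest -Identity $before -UPNSuffixes $change -PassThru -ErrorAction Stop
        [pscustomobject]@{
            Forest  = $after.Name
            Before  = @($before.UPNSuffixes)
            After   = @($after.UPNSuffixes)
            Added   = $delta.Add
            Removed = $delta.Remove
        }
    }
}

# Constructed sample values: preview the change without applying it.
Sync-ForestUpnSuffix -Forest 'SS64.com' -Approved 'SS64.com','corp.SS64.com' -WhatIf
```

Because -Approved is mandatory, an empty list is rejected at parameter binding, so this helper cannot clear every suffix by accident.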

“The world’s a forest, in which all lose their way; though by a different path each goes astray” ~ George Villiers

Related PowerShell Cmdlets

Set-ADDomain - Modify an AD domain.
Set-ADDomainMode - Set the domain functional level for an AD domain.
