Set-ADForest

Modify an AD forest.

Syntax
      Set-ADForest [-Identity] ADForest
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-PassThru] [-Server string]
               [-SPNSuffixes hashtable] [-UPNSuffixes hashtable] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with the drive is the default.

       Type a user name, such as "User64" or "Domain64\User64" or specify a
       PSCredential object such as one generated by Get-Credential 

       If a user name is specified, the cmdlet will prompt for a password.

   -Identity ADForest
       An AD Forest object.
       This may be given as:
          Fully qualified domain name: corp.SS64.com
          GUID (objectGUID): 539c5d2e-e75d-4d20-8a42-033d96465f68
          DNS host name:     dnsServer.corp.SS64.com
          NetBIOS name:      SS64

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADForest object may also be passed through the pipeline or set via a variable.

   -PassThru
       Return the new or modified object.
       By default (i.e. if -PassThru is not specified), this cmdlet does not generate any output.

   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       or NetBIOS name, Fully qualified directory server name (with or without port number.)

   -SPNSuffixes hashtable
       Modify the list of Service Principal Name (SPN) suffixes of the forest.
       (sets the multi-valued msDS-SPNSuffixes property of the cross-reference container.)
       Use the following syntax to add remove, replace, or clear SPN suffix values:

          -SPNSuffixes @{Add=value1,value2,...}
          -SPNSuffixes @{Remove=value3,value4,...}
          -SPNSuffixes @{Replace=value1,value2,...}
          -SPNSuffixes $null
        
       Specify more than one change with a semicolon separated list.
       For example:
          @{Add=value1,value2,...};@{Remove=value3,value4,...}
        
       Operators will be applied in the sequence: Remove,Add, Replace then Clear
        
       example:
          -@{Add="SS64Europe", "SS64Asia"};@{Remove="SS64"}

   -UPNSuffixes hashtable
       Modify the list of User Principal Name (UPN) suffixes of the forest.
       (sets the multi-valued msDS-UPNSuffixes property of the cross-reference container.)
       This parameter uses the same syntax as -SPNSuffixes above

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

Set-ADForest modifies the properties of an AD forest. You can modify commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified with the -Add, -Replace, -Clear and -Remove parameters.

The -Identity parameter specifies the AD forest to modify. You can identify a forest by its fully qualified domain name (FQDN), GUID, DNS host name, or NetBIOS name. You can also set the -Identity parameter to an object variable or through the pipeline.

The -Instance parameter provides a way to update a forest object by applying the changes made to a copy of the object. When you set the -Instance parameter to a copy of an AD forest object that has been modified, the Set-ADForest cmdlet makes the same changes to the original forest object. To get a copy of the object to modify, use the Get-ADForest object.

Example: Modify the UPNSuffixes property for the SS64.com forest by first modifying a local instance of the SS64.com forest. Then setting the -Instance parameter to the local instance:

$forest = Get-ADForest -Identity SS64.com
$forest.UPNSuffixes = "SS64.com","SS64","corp.SS64.com"
Set-ADForest -Instance $forest.

The -Identity parameter is not allowed when you use the -Instance parameter.

Examples

Set the UPNSuffixes property on the SS64.com forest:

PS C:\> Set-ADForest -Identity SS64.com -UPNSuffixes @{replace="SS64.com","SS64","corp.SS64.com"}

Add corp.SS64.com to the SPNSuffixes property on the forest SS64.com:

PS C:\> Set-ADForest -Identity SS64.com -SPNSuffixes @{add="corp.SS64.com"}

Get the forest of the current logged on user and clear the UPNSuffixes property:

PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes $null

“The world's a forest, in which all lose their way; though by a different path each goes astray” ~ George Villiers

Related:

Set-adDomain - Modify an AD domain.
Set-adDomainMode - Set the domain functional level for an AD domain.


© Copyright SS64.com 1999-2014
Some rights reserved