Getting Started with Management Shell

All Commands

You can get a list of all GroupID Management Shell cmdlets using the Get-ImanamiCommand cmdlet.

Contact Cmdlets

  1. Get-Contact
  2. New-Contact
  3. Remove-Contact
  4. Set-Contact

Dynasty Cmdlets

  1. New-Dynasty
  2. Set-Dynasty

General Cmdlets

  1. Get-Computer
  2. Get-ConnectedStoreInformation
  3. Get-ConnectedUser
  4. Get-GroupIdInformation
  5. Get-ImanamiCommand
  6. Get-ReplicationStatus
  7. Get-TombStoneObject
  8. Invoke-Replication
  9. New-Container
  10. Remove-Container
  11. Restore-TombStoneObject
  12. Send-Notification

Group Cmdlets

  1. Convert-Group
  2. Expire-Group
  3. Get-Group
  4. Move-Group
  5. New-Group
  6. Remove-Group
  7. Renew-Group
  8. Set-Group

Identity Store Cmdlets

  1. Clear-MessagingServer
  2. Clear-Notifications
  3. Clear-SmtpServer
  4. Get-AvailableMessagingServers
  5. Get-Client
  6. Get-IdentityStore
  7. Get-IdentityStoreRoles
  8. Get-LogSettings
  9. Get-RolePermissionNames
  10. Get-SchemaAttributes
  11. Get-SmsGateways
  12. Get-UserRole
  13. New-IdentityStore
  14. Remove-IdentityStore
  15. Send-TestNotification
  16. Set-IdentityStore
  17. Set-IdentityStoreRole
  18. Set-MessagingServer
  19. Set-Notifications
  20. Set-SmtpServer

Identity Store Connection Cmdlets

  1. Connect-IdentityStore
  2. Get-Token

Mailbox Cmdlets

  1. Get-Mailbox
  2. New-Mailbox
  3. Remove-Mailbox
  4. Set-Mailbox

Mail-Enable/Disable Groups Cmdlets

  1. Disable-DistributionGroup
  2. Enable-DistributionGroup

Membership Cmdlets

  1. Add-GroupMember
  2. Get-GroupMember
  3. Get-Object
  4. Remove-GroupMember
  5. Set-Object

Scheduling Cmdlets

  1. Get-Schedule
  2. Get-TargetSchedules
  3. Invoke-Schedule
  4. New-Schedule
  5. Remove-Schedule
  6. Set-Schedule
  7. Stop-Schedule

Smart Group Cmdlets

  1. ConvertTo-StaticGroup
  2. Get-SmartGroup
  3. New-SmartGroup
  4. Set-SmartGroup
  5. Update-Group

User Cmdlets

  1. Get-User
  2. Get-UserEnrollment
  3. New-User
  4. Remove-User
  5. Set-User

User Lifecycle Cmdlets

  1. Extend-User
  2. Get-Status
  3. Reinstate-User
  4. Terminate-DirectReports
  5. Transfer-DirectReports

Connect-IdentityStore

If an identity store for the connected domain is available, GroupID Management Shell connects to that identity store when it launches. If no such identity store exists, the Connect-IdentityStore commandlet establishes a connection with the required identity store.

After a connection is established with the identity store, you can perform functions in the directory as per your role and permissions.

Syntax

Connect-IdentityStore
[-AuthenticationMode <string>]
[-IdentityStoreId <int>]
[-SecurityToken <CustomClaimsPrincipal>]
[-Credential <pscredential>]
[<CommonParameters>]

Required Parameter

  • None

Example:

The following command connects you to the identity store specified by the IdentityStoreId parameter using the specified authentication mode and credentials that you set in the $Credentials environment variable. See the Set the $Credentials Environment Variable topic for setting credentials in an environment variable.

Connect-IdentityStore -AuthenticationMode 2 -IdentityStoreId 2 -Credential $Cred

Get-Token

When Management Shell is connected to an identity store, a token is passed with the commandlet, enabling the user to perform the required functions in the directory.

To perform a function in an identity store other than the one Management Shell is connected to, you must first get a valid token for the required identity store using the Get-Token commandlet. This commandlet gets the token that GroupID Security Service assigned to the user at the time of authentication.

The Get-Token commandlet is also used to get a valid token when the token expires during a session.

Syntax

Get-Token
[-AuthenticationMode <string>]
[-IdentityStoreId <int>]
[-SecurityToken <CustomClaimsPrincipal>]
[-Credential <pscredential>]
[<CommonParameters>]

Required Parameter

  • None

Example:

The following command returns a token for the identity store specified by the IdentityStoreId parameter using the specified authentication mode and credentials that you set in the $Credentials environment variable. See the Set the $Credentials Environment Variable topic for setting credentials in an environment variable.

Get-Token -AuthenticationMode 2 -IdentityStoreId 2 -Credential $Cred
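
The two examples above use $Cred without showing where it comes from. The following added example (not from the GroupID documentation) fills it from an interactive prompt so no password is stored in the script, stops on a failed logon, and confirms which account and store the session is using. The helper name Connect-GroupIdStore is hypothetical, identity store ID 2 is the sample value from this page, and calling Get-ConnectedUser and Get-ConnectedStoreInformation without arguments is an assumption.

```powershell
# Added example, not vendor code. Run inside GroupID Management Shell so that
# Connect-IdentityStore, Get-Token, Get-ConnectedUser and
# Get-ConnectedStoreInformation (all listed on this page) are available.

function Connect-GroupIdStore {              # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [int] $IdentityStoreId,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Fail early if the GroupID cmdlets are not loaded in this session.
    foreach ($name in 'Connect-IdentityStore', 'Get-Token') {
        if (-not (Get-Command -Name $name -ErrorAction SilentlyContinue)) {
            throw "$name not found; start GroupID Management Shell first."
        }
    }

    # Authentication mode 2 works together with IdentityStoreId and Credential.
    # -ErrorAction Stop makes a failed logon a terminating error, so the script
    # cannot continue against whichever store was connected at launch.
    Connect-IdentityStore -AuthenticationMode 2 -IdentityStoreId $IdentityStoreId `
        -Credential $Credential -ErrorAction Stop
}

# Prompt for the account instead of embedding a password in the script.
$Cred = Get-Credential -Message 'Account for identity store 2'

try {
    Connect-GroupIdStore -IdentityStoreId 2 -Credential $Cred

    # Assumption: both cmdlets can be called without arguments.
    Get-ConnectedUser
    Get-ConnectedStoreInformation

    # Request a fresh token with the same parameters, for example before a
    # long-running batch or after the session token has expired.
    Get-Token -AuthenticationMode 2 -IdentityStoreId 2 -Credential $Cred -ErrorAction Stop
}
catch {
    Write-Error "Identity store connection failed: $($_.Exception.Message)"
}
finally {
    # Remove the credential object once the work that needs it is done.
    Remove-Variable -Name Cred -ErrorAction SilentlyContinue
}
```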

Identity Store Connection Commands

This section covers cmdlets for establishing a connection with an identity store.

  • Connect-IdentityStore: connects to an identity store using the authentication mode mentioned.
  • Get-Token: gets a token from the GroupID Security service.

Parameters

This topic discusses the following:

All Parameters

The following table lists the GroupID Management Shell commandlet parameters in alphabetical order.

Parameter Name: Description
A
AcceptMessagesOnlyFrom: The distinguished names (DN), globally unique identifiers (GUID) or samAccountNames of the mailbox users and mail-enabled contacts who can send e-mail messages to the group. Providing a blank value enables the group to accept messages from all mailbox users and all mail-enabled contacts. (Applies to Distribution groups only.)
AcceptMessagesOnlyFromGroups: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more groups or users that the group is allowed to accept messages from. Separate multiple objects with commas (,). (Applies to Distribution groups only.)
AccidentalDeletion: If the value is set to True, the user is prompted before container deletion.
Add:
  • Set-User, Set-Contact, Set-Mailbox: Add appends the values of multi-value attributes and replaces the value of single-value attributes.
  • Set-Group: This setting applies to the AdditionalOwners parameter and lets you add one or more additional owners for this group. The syntax in which the value is entered for this setting is:
      -Add @{ AdditionalOwners = "Owner1","Owner2","Owner3"}
      -Add @{ AcceptMessagesOnlyFrom = "User1","User2","User3"}
      -Add @{ AcceptMessagesOnlyFromGroups = "Group1","Group2","Group3"}
      -Add @{ RejectMessagesFrom = "User1","User2","User3"}
      -Add @{ AcceptMessagesOnlyFrom = "Group1","Group2","Group3"}
    As the value of objects to be added, the setting accepts all the identities supported by the AdditionalOwners parameter, which is the distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact, or security group.
  • Set-SmartGroup, Convert-Group, Set-Dynasty: This setting applies to the following multi-valued parameters and lets you add one or more values to these parameters. Parameters and the syntax for their values follow:
      - SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting)
      - IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting)
      - ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting)
      - AdditionalOwners
      - GroupBy (only Set-Dynasty has this attribute)
      - AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting)
      - AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting)
      - RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting)
      - RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting)
    The setting accepts all the identities supported by the parameter as the value of objects for each parameter. For example, for the SearchContainer parameter, the setting can accept the DN and GUID of the domains or containers being searched for group members.
AdditionalOwners: The distinguished name (DN), globally unique identifier (GUID), or samAccountName of one or more users, contacts, or groups (security groups only) to set as the additional owners for the group. Passing a blank value for this parameter removes additional owners.
Address: Home address of a user, contact or mailbox.
AdministrativeNotes: Any information about the group that is useful for its maintenance or administration. It appears on the Exchange Advanced tab of the Group Properties dialog box.
AdminUserName: The admin username for the Google-based providers and messaging systems. This parameter becomes available depending on the value of other parameters: IdentityStoreType and Provider.
Alias: Alias of a user, group or mailbox. The alias can be a combination of characters separated by a period without any spaces. Avoid using special characters in the alias. The Exchange alias is limited to 64 characters, must be unique and should not contain spaces.
AliasTemplate: Specifies the pattern for creating alias names for Dynasty children. For a Managerial Dynasty, the template must contain the %MANAGER% keyword in the input string. This keyword is replaced with the respective manager. For all other Dynasties, the value must contain the %GROUPBY% keyword in the input string for replacement with the respective GroupBy value.
All: Perform the action on all types of entities.
AppId: The Microsoft Entra ID application ID for Microsoft Entra ID / Office 365 based identity stores and messaging systems. This is the application ID that Microsoft Entra ID generates when the application is registered in Microsoft Entra ID. This parameter becomes available depending on the value of other parameters: IdentityStoreType and Provider.
Assistant: The DN or GUID of another user or contact.
AttributesToLoad: The list of attributes that should be loaded with objects. In the absence of the list, objects are loaded with minimal attributes.
AuthenticationMode: The possible values for this parameter are:
  • 1 (credentials of the logged-in users)
  • 2 (works in conjunction with IdentityStoreID and Credentials parameters)
  • 3 (user is authenticated through the Log in dialog box, which is also the default mechanism if no authentication mode is defined by the user)
AuthenticationType: The authentication types supported in GroupID, which are:
  • Security questions
  • Email
  • SMS
  • Yubikey
  • Windows Hello
  • Authenticator
  • Link account
AuthenticationTypeOperation: Enables or disables the specified authentication type(s).
B
Business: First business phone number of a user, contact or mailbox.
Business2: Second business phone number of a user, contact or mailbox.
BypassOwnersPolicy: This parameter bypasses the values set in GroupID configurations both for primary owner and required minimum additional owners at group creation or modification. If the value is 0 (zero), this parameter has no effect.
C
CarbonCopy: Email address to which a carbon copy (CC) of the notification is sent, other than the main email addresses.
ChangeTrackerActions: The list of GroupID actions to track for history records. The possible values are:
  • None
  • AdditionalOwnerChange
  • Enrollment
  • ExpirationPolicyChange
  • GroupExpire_Renew
  • OobChange
  • SecurityTypeChange
  • WorkflowApprovalDenial
  • OwnershipChange
  • QueryChange
  • AllOthers
  • All
  • UpgradeSmartGroupChange
  To track multiple actions, separate each action with a hash (#) sign and set the complete string as the value of this setting. For example, to track changes in additional owners, enrollment details and security types, specify the value as "AdditionalOwnerChange#Enrollment#SecurityTypeChange".
ChildContainer: The distinguished name (DN) or globally unique identifier (GUID) of the container where you want to create the child groups. If you have selected multiple group-by attributes, you can specify a different child container for every attribute in the same sequence as the group-by attributes are specified, separating each with a comma (,). For Managerial Dynasty, passing a blank value creates child groups in the container where the top manager resides.
City: The city of a user, contact or mailbox.
Clear:
  • Set-User, Set-Contact, Set-Mailbox: Clears the values of multi-value and single-value attributes.
  • Set-Group: This setting applies to the AdditionalOwners parameter and lets you clear the additional owners list. The syntax for entering the value for this setting is:
      -Clear @{ AdditionalOwners}
      -Clear @{ AcceptMessagesOnlyFrom }
      -Clear @{ AcceptMessagesOnlyFromGroups }
      -Clear @{ RejectMessagesFrom }
      -Clear @{ AcceptMessagesOnlyFrom }
  • Set-SmartGroup, Convert-Group, Set-Dynasty: This setting works for the following multi-valued parameters and lets you clear all their existing values. Parameters and the syntax for their values follow:
      - SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting)
      - IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting)
      - ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting)
      - AdditionalOwners
      - GroupBy (only Set-Dynasty has this attribute)
      - AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting)
      - AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting)
      - RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting)
      - RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting)
    As the value of objects for each parameter, the setting accepts all of the identities supported by the parameter. For example, for the SearchContainer parameter, the setting can accept the distinguished name (DN) and globally unique identifier (GUID) of the domains or containers to be searched for the group members.
ClearSet: Clears the specified notification recipients set. Possible values are:
  • All
  • Recipients
  • PasswordExpiry (Password Expiry group notifications)
  • ML (Membership life cycle notifications)
  • MB (Managed by life cycle notifications)
ClientName: Name of a GroupID client, such as Automate, Management Shell, GroupID Mobile Service, each Self-Service portal, or each Password Center portal.
Company: The company of a user, contact or mailbox.
ConfiguredExchange: Specifies the messaging system that GroupID uses for creating the e-mail addresses of mail-enabled objects. The default value 1 uses the latest version of Exchange installed if GroupID is connected to a domain with multiple versions of Exchange. You can change the system to any of the following values:
  • 2013 (for Exchange 2013)
  • 2016 (for Exchange 2016)
  • 2019 (for Exchange 2019)
  • 0 (for AD-only domain)
  • 2 (other messaging system)
Connected: Used to request the identity store connected to the current instance of GroupID Management Shell.
Container: The distinguished name (DN) or globally unique identifier (GUID) of one or more containers where you want to search for a user, contact or group. Separate multiple values with commas.
Country: Country of a user, contact or mailbox, represented as the 2-character country code based on ISO-3166.
CreateFlatManagerialList: Setting a True value creates this dynasty as a flat managerial list. A flat managerial list is a form of managerial dynasty in which all direct reports of the top manager and sub-level managers are added as members of one group and no separate groups are created for the subordinates of the top manager's direct reports. If this setting is set to True, the flat operation is performed on the next update of the dynasty, where it breaks its current hierarchy and rebuilds the memberships of the parent group on the flat dynasty logic. (Applies to Managerial Dynasty.)
CriteriaFilters: Same as RoleCriteriaFilters.
CriteriaScope: Same as RoleCriteriaScope.
Credential: The $Credentials environment variable holds the user's authentication information. Use this variable to execute the commandlet using the credentials of a user account other than the one with which you are logged on to the connected identity store.
CustomAttribute1-15: A value for an attribute that you determine. Use these attributes (up to 15) to store additional information specific to your needs.
D
Database: SQL database name of the previous GroupID version.
DataSourceConnection: Sets or modifies the connection string of an external data source in Query Designer of a Smart Group or Dynasty.
DataSourceName: The name of the database that contains the table or view you want to use for your query. This parameter is applicable to the following data source types:
  • Microsoft SQL Driver
  • Oracle
DataSourcePassword: The password for the specified user account to use for connecting to the specified data source.
DataSourceQuery: Specifies the database query to execute to retrieve results from the data source. This can be a query statement and can include multiple columns separated by commas (,). The field names are enclosed in brackets ([ ]) to prevent any ambiguity that the query engine might encounter because of spaces between column names. GroupID Management Shell also needs to know how the information in the source relates to the directory so it can find the recipients identified in the data source in the directory and add them to the group. This relation is defined through the LdapFilter parameter. If no match is found, the data source entry is skipped.
DataSourceType: Use this parameter to combine an external data source with Active Directory to determine the group membership. When a connection is configured, GroupID Management Shell connects to the database and retrieves results. It then queries Active Directory to find matching records. The parameter can also be used to connect to external directories. Specify any of the following external data source types:
  • Text Driver
  • ODBC Data Source
  • Sun ONE iPlanet Driver
  • Lotus Notes
  • Microsoft SQL Driver
  • Oracle
DataSourceUserName: The username of the account to use for connecting to the specified data source.
DaysInterval: Specifies the daily interval for daily triggers.
DefaultAllowPermissions: By default, all permissions except those specified in RolePermissions are denied. The application of this parameter overrides the default behavior and causes all of the permissions except those specified in RolePermissionNames to be granted.
DefaultApprover: Specifies the default approver for an identity store.
DefaultExpirationPolicy: The default expiry days to set for new groups at creation, which can later be changed for groups individually using the Set-SmartGroup commandlet. The default value 0 implies that the groups will never expire.
DefaultGroupApprover: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of the default approver to whom notifications will be sent for groups having no owners.
DefaultGroupDeletionTimeAfterExpiry: The number of days after which an expired group should be deleted. The default value is 30. This parameter applies only if the value of the DeleteExpiredGroups parameter has been set to True.
DefaultMaximumNumberOfMembers: The maximum number of members a group can have.
DefaultMaximumNumberOfMembersToDisplay: The maximum number of items to display in the Automate groups list. The default limit is set to 1000.
DefaultNumberOfOwnersToDisplay: The number of most recently used recipients (set as group owners) to show on the shortcut menu when setting the owner for multiple groups. The default value is 5.
DefaultReportToMessageOrginator: Setting its value to True sends non-delivery reports (NDR) to the message originator (sender). By default, it is set to False.
DefaultReportToOwner: Setting its value to True sends non-delivery reports (NDR) to the group owner. By default, the value is set to False.
DefaultRequestDeletionTime: Workflow requests older than the number of days given in this parameter will be deleted by the CleanupApprovedRequests, CleanupDeniedRequests and CleanupPendingRequests settings. The default value of this setting is 30. NOTE: This setting applies only if the DeleteRequests setting is set to True.
DefaultStartWithGlobalCatalogInQueryDesigner: Its default value True sets the Global Catalog as the default scope for searches on the Query Designer. Changing its value to False searches the logged-on domain only.
DefaultUnusedGroupsExpirationTime: This setting is related to the group usage lifecycle and applies only if the GroupUsageLifecycleEnabled and ExpireUnusedGroups settings are set to True. Its value is the unused period (in number of days) of the lifecycle period for a mail-enabled distribution group after which its life is reduced to 7 days. The default value of this setting is 60 days.
DeletedObjects: A switch. If present, replication of deleted objects is started.
DeleteEmpty: Setting its value to True forces Automate to delete Dynasty children when they are empty or when their parents are deleted. The default value is False.
DeleteExpiredGroups: The default value True enables the automatic deletion of expired groups according to the number of days specified in the DefaultDeletionTimeAfterExpiry parameter.
DeleteNestedOrphanGroups: This parameter deletes nested orphan groups according to the following rules:
  • If the maximum membership value is reached and the Do not update option is selected, then the parameter has no effect.
  • If the maximum membership value is reached and the Nest into child groups option is selected, then, upon membership update, more nested child groups are created and orphan nested groups are deleted.
  • If the maximum membership value is increased, then upon the group's membership update, members from the nested child groups are moved into the parent group and the nested groups are orphaned. This parameter deletes the nested groups.
DeleteRequests: The default value True enables the removal of older workflow requests, a feature that removes those approved, pending, and denied workflow requests that are older than the number of days specified in the DefaultRequestDeletionTime setting.
Department: The department of a user, contact or mailbox.
Description: Used to provide the description of an entity while:
  • creating a new group (managed or unmanaged) or dynasty.
  • modifying a user, contact, group (managed or unmanaged) or dynasty.
  • converting a static group to a smart group.
DestinationContainer: The distinguished name (DN) or globally unique identifier (GUID) of the container that you want to move the group to. The destination container must be part of the same forest.
DirectReports: Provide any of the following identities for the direct report:
  • Distinguished name (DN)
  • Globally unique identifier (GUID)
  • Common name (CN)
  • Name
  • SamAccountName
DisableAttributeUpdation: Specifies that attribute update should not occur when the Profile Validation cycle of a user has expired.
Disabled: In some commandlets this parameter is used to retrieve disabled entities, such as disabled schedules or identity stores, and in others it disables an entity.
DisableExpiredGroupDeletion: Disables the deletion of expired groups.
DisableGroupAttestation: Disables group attestation at the identity store level.
DisableGUSLifecycle: Disables the group usage life cycle of groups at the identity store level.
DisableNewProfileValidationLifecycle: Disables the profile validation of new profiles.
DisableOrphanGroupDeletion: Disables deletion of orphan groups when, upon membership update, they become orphans.
DisableOutOfBoundsAlerts: Disables generation of out of bound alerts to group owners upon membership threshold and does not update the membership.
DisableSecurityGroupsExpiry: Disables expiration of security groups.
DisableSWAuthenticationViaEmail: Disables second way authentication via email.
DisableSWAuthenticationViaMobile: Disables second way authentication via mobile.
DisableSWAuthenticationViaSecurityQuestions: Disables second way authentication via security questions.
DisableValidationDateRemoval: Causes the validation date not to be cleared after the profile validation has expired.
DisallowingPasswordExceptionFilePath: Specifies the path to a file containing a list of strings that cannot be set as a password.
DisplayName: Display name while:
  • creating a user, contact, group (managed & unmanaged), dynasty or mailbox.
  • modifying a user, contact, group (managed & unmanaged), dynasty or mailbox.
  • converting a static group to a smart group.
  • retrieving a tombstone object.
DisplayNameTemplate: Specifies the pattern for generating display names for Dynasty children. For the Managerial Dynasty, the template must contain the %MANAGER% keyword in the input string. This keyword is replaced with the respective manager. For all other Dynasties, the value must contain the %GROUPBY% keyword in the input string for replacement with the respective GroupBy value.
DistinguishedName: Distinguished name of an object in the directory.
Domain: Domain name of the provider mentioned in a commandlet. The domain name can be of an Active Directory domain, Microsoft Entra ID domain or messaging provider’s domain. This parameter becomes available depending on the value of other parameters.
DomainExpiration: (Applies to Password Expiry group.) The domain expiration policy for the group. This policy allows you to specify the maximum password age. The default value is 42 days.
DynastyManagerAsMember: Set its value to True to add the manager of direct reports to the membership of the direct reports group so that the manager receives a copy of any e-mail sent to the group. The default value is False.
E
EmailAddress: A valid email address of a user, contact, mailbox or group (if mail-enabled).
EmailProviderDomain: This setting applies if the ConfiguredExchange setting is set to 2. Its value is the domain name of the external e-mail provider. For example, googlegroups.com.
EmailTemplatePath: Location of the email template that will be used while sending an email notification to a user or group.
EnableAttributeUpdation: Enables attribute update when a user is expired in the Profile Validation cycle. It sets the given string as the attribute’s value for the user.
Enabled: In some commandlets this parameter is used to retrieve enabled entities, such as enabled schedules or identity stores, and in others it enables an entity.
EnableExpiredGroupsDeletion: Enables the deletion of expired groups.
EnableGroupAttestation: Enables group attestation, i.e. reviewing and validating the attributes and membership of an expiring group before renewing it.
EnableGUSLiefecycle: Enables the group usage life cycle, i.e. sets the expiry of mail-enabled distribution groups based on their usage.
EnableNewProfileValidationLifecycle: Enables profile validation for newly found user objects (by way of newly created objects or by way of disabled objects enabled again) in the directory.
EnableNotifications: Enables notifications in a schedule.
EnableOrphanGroupDeletion: Enables deletion of orphan groups when, upon membership update, they become orphans.
EnableOutOfBoundsAlerts: Enables generation of out of bound alerts to group owners upon membership threshold and does not update the membership.
EnableSecurityGroupsExpiry: Enables expiry of security groups.
EnableSWAuthenticationViaEmail: Enables second way authentication via email.
EnableSWAuthenticationViaMobile: Enables second way authentication via mobile.
EnableSWAuthenticationViaSecurityQuestions: Enables second way authentication via security questions.
EnableUpdate: Specify False to disable the group update and scheduled job process. The default value is True.
EnableValidationDateRemoval: Clears the validation date if X number of days have passed since the last validation date. In case of a rehire scenario, the object will be treated as a newly created object and the validation process for new users will apply to it.
EndDate: Date on which membership will end or be restored, or on which a schedule will end.
EnforceOutOfBounds: Enables / Disables enrollment on an identity store.
EnrollmentType: Possible values are:
  • None
  • Mobile
  • SecurityQuestions
  • Email
  • Authenticator
  • LinkAccount
  • Yubikey
  • WindowsHello
  • All
  • Any
ExcludeNestedLists: Setting a True value excludes child Dynasties from the membership of the parent Dynasty. The default structure of Managerial Dynasty adds the Smart Group of the sub-level manager to the membership list of the top-level manager’s Smart Groups. (Applies to Managerial Dynasty.)
ExcludeOUs: The default value True excludes from exploration the organizational units specified in the IncludeExcludeOUs parameter. Setting its value to False applies the expiration only on the organizational units specified in the IncludeExcludeOUs parameter and excludes the rest.
ExcludeRecipients: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more objects that you want to exclude statically from the group membership regardless of whether they are returned by the query.
ExpansionServer: The name of the Expansion server. The Expansion server is the Exchange server responsible for expanding a distribution list and creating a message for each of the members.
ExpirationPolicy: Sets the expiration policy for the group. This parameter does not work for Dynasty children since they inherit the expiration policy of their parent Dynasty and you cannot change it explicitly at child level.
ExpirationRange: The expiration range policy for the group. This policy defines when GroupID Management Shell will include a user in the membership of the Password Expiry group. For example, a domain expiration policy is configured with a maximum password age of 30 days. Setting the expiration range policy to 10 will include users in the membership of the Password Expiry group who have passwords aged 20 days or older. (Applies to Password Expiry group.)
ExpiredGroupsDeletionInterval: Number of days after a group's expiry after which the group is deleted.
ExpireUnusedGroups: This setting is related to the group usage lifecycle and applies only if GroupUsageLifecycleEnabled is set to True. The value True reduces the life of mail-enabled distribution groups that have not been sent any e-mail for a particular period. This unused period is defined in the DefaultUnusedGroupsExpirationTime setting. Under its default value False, the life of unused groups is always extended as soon as they reach their expiration date.
ExtendGroupLife: Extends the life of the group as per the ExpirationPolicy parameter's value. The default value of this parameter is True, so specifying a value is not required.
ExtensionDataAttributes: By default, the ExtensionDataAttribute attribute is used for storing the value. If it has been modified, this parameter must specify the attribute being used for storing the value.
F
FileLoggingEvent: Sets the event for which file logs are generated.
FilePath: The path of the text file, if the value of the DataSourceType parameter is Microsoft Text Driver.
FilterOperation: Operation to perform on role criteria filters.
Filters: Specifies how the values of group-by attributes are stripped out for creating the child groups. This parameter allows you to collapse several different values into one. Use any of the following as a value of this parameter:
  • <Blank value>: Do not use any filter and create a group for each distinct value of the attribute.
  • Left <Number of characters>: Selects the specified number of characters from the attribute starting from the left-end of the string. Each distinct set of selected characters from the group-by attribute is then used to create a group.
  • Right <Number of characters>: Selects the specified number of characters from the attribute starting from the right-end of the string. Each distinct set of selected characters from the group-by attribute is then used to create a group.
  • %GROUPBY%/<the part of the value to leave out>: Use this filter when you have a character separator. Specifying this filter creates a group for each distinct value of the portion of the attribute selected. %GROUPBY% represents the significant portion of the value. After the slash, you can specify the portion you want to leave out of the attribute's value. Specifying * after the slash leaves out any portion of the value that occurs after the slash.
  For multiple group-by attributes, provide a filter value for each attribute, separated by a comma (,).
FirstName: The first name of a user, contact or mailbox.
FromEmail: Email address that SMTP uses to send emails from.
FromEmailAddress: The e-mail address to use for sending notifications.
G
GenerateOnedayToExpiryReport: The default value True notifies the group owner of its expiry one day before the expiration date. Set its value to False to disable this notification.
GenerateSevenDaysToExpiryReport: The default value True notifies the group owner of its expiry seven days before the expiration date. Set its value to False to disable this notification.
GenerateThirtyDaysToExpiryReport: The default value True notifies the group owner of its expiry thirty days before the expiration date. Set its value to False to disable this notification.
GroupAlias: Alias for the new group, distribution group or dynasty. The alias can be a combination of characters separated by a period without any spaces. Avoid using special characters in the alias. The Exchange alias is limited to 64 characters, must be unique and should not contain spaces.
GroupBy: Name of the group-by attribute. Separate multiple attributes with commas (,). This parameter is required for all Dynasties except the Managerial Dynasty.
GroupIdentity: The distinguished name (DN), globally unique identifier (GUID), security identifier (SID), canonical name (CN) or SamAccountName of the group to add members to.
GroupIDVersion: Previous GroupID version to upgrade from. This parameter accepts integer values e.g. 7.0, 8.0 and 9.0.
  - 9.0 = GroupID 9.0
  - 10.0 = GroupID 10.0
GroupLifeDays: Specifies the number of days to extend or reduce (depending on the configured extension policy) if the group has not been used for this number of days.
GroupNamePrefixes: One or more prefixes configured in GroupID configurations. They are prefixed to the group name and display name when you create a new group or modify an old group using the Properties option.
GroupScope: Specify the scope for the group or dynasty. The available group scopes are: Universal, Global, and Domain Local.
GroupType: Specify the group types for upgrade:
  - 1 = Non-managed groups
  - 2 = Smart Groups
  - 3 = Parent Dynasty
  - 4 = Middle Dynasty
  - 5 = Leaf Dynasty
  - 6 = Password Expiry Smart Group
  NOTE: When a specific dynasty is upgraded, it is recommended to upgrade the whole dynasty using the SearchContainer parameter and update it after running the Upgrade-Group command (provided that the whole Dynasty is in the same container). If a specific parent, middle or leaf Dynasty is upgraded using the Upgrade-Group command, an update will be required to link it with the Dynasty chain (provided that all the Dynasties are upgraded to GroupID 8.1).
GroupUsageLifecycleEnabled: Set its value to True to enable the group usage lifecycle feature. This lifecycle is executed by Group Management Service (GMS) for mail-enabled distribution groups and adds an additional rule to their regular expiration process. Under this lifecycle, if no e-mail is sent to a mail-enabled distribution group for a particular period, you can set GMS to reduce its expiration date to 7 days. Under its default behavior, unused distribution groups are never expired. As soon as they reach their expiration date, their life is extended by reapplying the expiration policy on them.
H
HavingNotifications: Used to select those schedules having notifications enabled. Used only in Get-Schedule.
HiddenFromAddressListEnabled: Specifying a True value prevents the group from appearing in Exchange address lists. The default value is False.
HideMembership: Setting its value to True hides group membership in the Outlook address book. The default value is False.
HideMembershipFromAddressListEnabled: A True value prevents the group membership from appearing in the Outlook address book. The default value is False.
HistoryActionsOperation: The operation on actions that the history will keep track of. Possible values are:
  - Add
  - Remove
  - Remove all
HistoryRetention: Specifies the interval for which the history is tracked. Possible values are:
  - All
  - Last_30_Days
  - Last_60_Days
  - Last_90_Days
  - Last_120_Days
  - Last_6_Months
  - Last_1_Year
  - Last_2_Years
  - Last_5_Years
HistorySelectedActions: The actions that the history will keep track of. Possible values are:
  - OwnershipChange
  - AdditionalOwnerChange
  - ExpirationPolicyChange
  - GroupExpireRenew
  - QueryChange
  - SecurityTypeChange
  - ObjectCreated
  - ObjectDeleted
  - IdentityStoreHistory
  - SecurityRolesHistory
  - WorkflowsHist
HistoryTrackingOption: Specifies what the history will keep track of. Possible values are:
  - Nothing
  - All_Actions
  - Selected_Actions
Home: First home phone number of a user, contact or mailbox.
Home2: Second home phone number of a user, contact or mailbox.
HomePage: The link of a user, contact, group or mailbox’s profile or home page.
I
Identity: Supported identities are:
  - Distinguished name (DN)
  - Globally unique identifier (GUID)
  - Common-name (Cn)
  - Name
  - SamAccountName
IdentityStoreId: Unique identifier of identity store.
IdentityStoreName: Name of an identity store.
IdentityStoreType: Specify the type of an identity store. Possible types are:
  - ActiveDirectory
  - Microsoft Entra ID
  - Google Workspace
  - Generic LDAP
IgnoreConnectionFail: While creating an identity store, an active service account and valid credentials are required for connecting to an identity store. This parameter overrides this behavior and creates the identity store even if the connection is not active or the credentials are invalid.
IncludeAllContainers: Applies when JobType is set to GUS. This parameter includes all containers in the schedule.
IncludeAllMessagingSystems: Applies when JobType is set to GUS. This parameter includes all messaging systems in the schedule.
IncludeDisabledUsers: (Applies to Password Expiry group.) Specifying this parameter includes disabled users in the group membership.
IncludeEntityTypes: Used only in Get-RolePermissionNames. This parameter retrieves the permission categories along with the permission name.
IncludeExcludeOUs: The distinguished name (DN) or globally unique identifier (GUID) of one or more organizational units to include in or exclude from expiration. The behavior of this setting depends on the value set for the ExcludeOUs parameter.
IncludeManagerAsMember: Setting a True value includes each manager as a member of their direct reports group so that, whenever an e-mail is sent to the direct reports group, their manager also receives a copy of it. (Applies to Managerial Dynasty only)
  NOTE: If this setting is set to True, the manager will be included in the membership of direct reports on the next update of the dynasty.
IncludePasswordNeverExpireUsers: Specifying this parameter includes users whose password never expires in the group membership. Skipping this parameter excludes them from the group membership. (Applies to Password Expiry group)
IncludeRecipients: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more objects that you want to include statically in the group membership regardless of whether they are returned by the query.
InheritanceBehavior: Specifies whether Dynasty children should inherit attributes from their parent. The attributes that Dynasty children inherit are stored in the InheritedAttrs option, which can be viewed using the Get-Options commandlet. Values are:
  - 0 (Inherit selected attributes only on creation)
  - 1 (Always inherit selected attributes)
  - 3 (Never inherit selected attributes)
InheritedAttrs: One or more attributes of the parent Dynasty whose values you want its children to inherit at creation or when it is updated.
Initials: The initials of a user, contact or mailbox.
InlineImageFile: The path of the image file that you want to include in the e-mail notification. This image is included in the e-mail body; it is not sent as an attachment.
IsExpired: A True value of the parameter expires the group and a False value renews the group. This parameter does not work for Dynasty children since they expire with the parent.
IsPasswordExpiryGroup: Specifying this parameter creates a Password Expiry group. If skipped, a simple Smart Group will be created.
IsPasswordExpirySmartDL: Specifying this parameter is mandatory if you are updating a Password Expiry group. If this parameter is skipped, the group will be converted to a simple Smart Group.
IsPreciseSearch: If the object types parameter is defined, IsPreciseSearch will force search results for those particular object types only.
IsSecurityGroupExpirationPluginEnabled: Set its value to True to enable the security group expiration feature. By default, it is set to False.
J
JobType: Type of the schedule (e.g. SmartGroup, GUS etc.). This parameter is used in some cmdlets to retrieve the schedules by job type. In New-Schedule, it is used to set the type of schedule.
K
KeepHistoryOption: Specifies the length of time to retain history records in the GroupID database. The default value 0 retains all history data of the actions specified by the ChangeTrackerActions setting. You can change it to any of the following values:
  - 1 (for 30 days)
  - 2 (for 60 days)
  - 3 (for 90 days)
  - 4 (for 120 days)
  - 5 (for 6 months)
  - 6 (for 1 year)
  - 7 (for 2 years)
  - 8 (for 5 years)
  The setting does not destroy the older history data. Rather, it exports the older data to an Excel file for later reference. This Excel file is created in the HistoryBin folder in the GroupID installation directory. Group Management Service performs the history data export. With every execution of the service, it checks the specified period against the Keep History option for the domain and exports the older data to the Excel file (if found).
KeepUserHistory: It upgrades the history of the groups.
KeyMapAD: Specify the primary key for the provider in the external data source in Query Designer.
KeyMapDB: Specify the primary key for the database in the external data source in Query Designer.
KillAtDurationEnd: The schedule job will be forced to terminate if it's still running at the end of its duration.
L
LastName: The last name of a user, contact or mailbox.
LdapFilter: The LDAP search filter that defines your search criteria. This parameter stores your query. A Smart Group can dynamically build its membership according to the query associated with it. Similar to a Smart Group, a Dynasty has the capability to dynamically build its membership according to the query associated with it.
LDAPSearchContainer: The container for the Sun ONE iPlanet data source.
M
MailEnabled: Specifies whether to create a mail-enabled user, contact or group (managed & unmanaged). Provide a True value for a mail-enabled object; otherwise, a non-mail-enabled object will be created.
MailBoxStore: Specifies which mailbox store will be used.
ManagedBy: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact or group (security groups only) that you want to set as the group owner or manager. Passing a blank value for this parameter will remove the manager.
Manager: Provide any of the following identities for the manager of the user:
  - Distinguished name (DN)
  - Globally unique identifier (GUID)
  - Common-name (Cn)
  - Name
  - SamAccountName
MatchingCriteria: Used in Get-Schedule. A number of criteria (for example, TriggerType and JobType) can be used to retrieve schedules; this parameter describes how to join the criteria by using Or and And.
MaximumMembersPerGroup: Specifies the maximum number of members that a group can hold. If this limit is reached, out-of-bounds configurations are applied to the group.
MaximumMembersToDisplay: The number of members to display for a group on the Members tab.
MaximumPasswordAge: The parameter has no effect on the group to be modified.
MaxItemsToDisplay: The maximum number of objects the commandlet should return.
MaxiumumAliasLength: This setting works if the ConfiguredExchange setting is set to 2. Its value is the maximum number of characters that an external e-mail alias can contain. The minimum value is 10. The default value is 64.
MaxSendSize: The maximum allowed e-mail message size in kilobytes (KB) that can be sent from the group. (Applies to Distribution groups only)
MembershipCountThreshold: Triggers an out-of-bound exception if the number for current or new membership exceeds the specified number.
MembershipPercentageThreshold: Specifies that, if out-of-bounds alerts are enabled, the membership update should stop if it would cause this percentage of members to change in the group, and a notification should be generated to owners.
MessagingSystems: Applies when JobType is set to GUS. Use this parameter to specify the messaging systems for the GUS job. This parameter and IncludeAllParameters cannot both be applied at the same time.
MinimumPasswordAge: The parameter has no effect on the group to be modified.
Mobile: Cell number of a user, contact or mailbox.
MsExchCoManagedByLink (ExchangeAdditionalOwners can also be used as an alternate name of this parameter): The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more users that you want to set as Exchange additional owners. This setting applies only if Exchange Server 2010 is deployed in your environment.
MsExchRequireAuthToSendTo: Set its value to True if you want senders to be authenticated for sending e-mails.
N
Name: The name of the new organizational unit, group, query-based-distribution group or dynasty being created.
  Get-ImanamiCommand: Gets information only about commandlets or command elements with the specified name. Wildcard search is also supported.
NewName: New name of an identity store or a schedule.
NewProfileValidationLifecycle: The number of days within which new users should validate their profiles.
Notes: Description text about a user, contact, group, or mailbox that appears on the General tab of their Properties dialog box.
NotificationSendingCriteria: When a notification for a scheduled job is to be sent. Possible values are:
  - Always
  - OnSuccess
  - OnFailure
NotifyAddedMembers: Notify objects when they are added to the membership of a group.
NotifyLoggedInUsers: Specify whether the logged-in users should be notified of changes they make to directory objects using Automate, Self-Service portal, Management Shell, GroupID mobile app, and Password Center portal. This setting applies only to mail-enabled users.
NotifyModifiedObject: Specify whether to send an email notification to an object (group, user, contact) being modified. For a group, group members are notified. For a contact or user, the particular contact or user is notified about the changes.
NotifyOptOutAdditionalOwners: Excludes some or all additional owners from receiving all expiry deletion and renewal notifications.
NotifyOwners: Specifies whether to send notification emails to the primary and additional owners (for groups), and managers of users/contacts about changes made to the respective objects.
NotifyPublicGroupOwner: Specify whether to send email notifications to the primary and additional owners of a public group upon membership change.
NotifyUserGroupJoinMB: Specify whether to send an email notification to users when they are added as additional owner or manager to the membership of a group.
NotifyUserGroupJoinML: Specify whether to send an email notification to users when they are added to a group.
NotifyUserGroupLeaveMB: Specify whether to send an email notification to users when they are removed as additional owner or manager of a group.
NotifyUserGroupLeaveML: Specify whether to send an email notification to users when they are removed as members from a group.
Noun: Shows information about commandlets or command elements having the specified noun in their name. Wildcard search is also supported.
NumberofOwnersToDisplay: The maximum value that can be set for the DefaultNumberOfOwnersToDisplay parameter. 24 is the maximum.
O
Office: Office phone number of a user, contact or mailbox.
Operator: Same as RoleCriteriaOperator.
Options: The list of options to be retrieved from the registry.
OrganizationalUnit: The distinguished name (DN) or globally unique identifier (GUID) of the container where you want to create a user, contact, group or mailbox.
OutOfBoundsAlertEnabled: Set to True to enable out-of-bound exceptions when group memberships change. Out-of-bound exceptions prevent massive changes from occurring to group memberships. When an out-of-bounds exception occurs, the group membership is not updated and the owner or administrator is notified via e-mail. If the owner or administrator determines that the change is valid, they can update the group manually.
OutOfBoundsMinimum: This setting works in conjunction with OutOfBoundsPercentage. If both the percentage and the current membership or new membership exceeds the number specified for this parameter, an out-of-bounds exception will occur. The setting applies only if the OutOfBoundsAlertEnabled parameter is set to True.
OutOfBoundsPercentage: The out-of-bounds percentage, which is calculated by adding the number of members being added to the group and the number of recipients being removed from the membership and then dividing the result by the total number of new members. This setting works in conjunction with OutOfBoundsMinimum. If both the percentage and the OutOfBoundsMinimum limit are exceeded, an out-of-bounds exception will occur. The setting applies only if the OutOfBoundsAlertEnabled parameter is set to True.
P
P12CertificatePath: Specify the location of a P12 certificate file for a Google based identity store. Note that this parameter appears depending on the values of other parameters.
PageSize: The number of history records to show on a page on the History tab of the group Properties dialog box.
ParentContainer: The distinguished name (DN), globally unique identifier (GUID) or security identifier (SID) of the container where you want to create a new organizational unit. To create the container at root level, pass the DN of the domain as the value of the parameter.
Password: Password of the SQL user name.
PasswordCenterSupportURL: The default URL of the online help for Password Center portals. This URL is set by default for all new portals created using Password Center.
PasswordExceptionOperation: The operation to perform on the values supplied in the PasswordExceptions parameter.
PasswordExceptions: Specify the password exceptions. This parameter accepts 2-length arrays. The first index contains the operator and the second index contains the value. Possible values for operator are:
  - Equals
  - Startswith
  - Endswith
  - Contains
  - Regexp
  Example: @('contains', 'webdir123R') is a valid value.
PasswordPortalUrl: Specify the Password Portal URL.
PasswordRuleOperation: The action to perform on the values supplied in the PasswordRules parameter.
PasswordRules: Specify the regular expressions (rules) for passwords.
PermissionOperation: The operation to perform on the Permissions parameter.
Permissions: Same as RolePermissions.
Port: Specify the port number for the specified data source.
PowerTools: Include respective power tools to execute script in Query Designer of Smart Group.
ProfileValidationGroupDN: Specify the distinguished name of a group to apply profile validation on.
ProfileValidationReminderOperation: Specify the operation to perform on the value of the ProfileValidationReminders parameter.
ProfileValidationReminders: Specify the profile validation reminders. Values are supplied as a 2-length array. The first index contains the name of the reminder and the second index contains the number of days the reminder is sent to the user relative to the days left for the profile validation period to end.
  Example: @('first', 15) indicates a reminder named first with 15 days.
Provider: Specify a provider for messaging server. The supported providers are:
  - Office 365
  - GSuite
  - Exchange 2013
  - Exchange 2016
  - Exchange 2019
Q
QuestionOperation: Specify the operation to perform on the SecurityQuestions parameter.
QueueEmail: Specifying this parameter sends the notification e-mail through Imanami Email Service. Imanami Email Service maintains a queue of all notifications to be sent by GroupID and ensures that they are delivered when the SMTP server is down. If this parameter is left out, the notification e-mail is sent directly without being added to the notification queue. Consequently, if the configured SMTP server is down, the e-mail is lost. Therefore, it is recommended that you use this parameter in every Send-Notification command.
R
Recipients: Specify recipients for the job completion email notifications.
RegularProfileValidationLifecycle: Specify the number of days for the profile validation life cycle period.
RejectMessagesFrom: The distinguished names (DN), globally unique identifiers (GUID) or samAccountNames of the mailbox users and mail-enabled contacts who are not allowed to send e-mail messages to the group. (Applies to Distribution groups only)
RejectMessagesFromGroup: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more groups or users, the group is restricted to accept messages from. Separate multiple objects with commas (,). (Applies to Distribution groups only.)
Remove:
  Set-User, Set-Contact, Set-Mailbox: It will remove the values of specified attributes.
  Set-Group: This setting applies to the AdditionalOwners parameter and lets you remove one or more additional owners for this group. The syntax in which the value is entered for this setting is:
    -Remove @{ AdditionalOwners = "Owner1","Owner2","Owner3"}
    -Remove @{ AcceptMessagesOnlyFrom = "User1","User2","User3"}
    -Remove @{ AcceptMessagesOnlyFromGroups = "Group1","Group2","Group3"}
    -Remove @{ RejectMessagesFrom = "User1","User2","User3"}
    -Remove @{ AcceptMessagesOnlyFrom = "Group1","Group2","Group3"}
  As the value of objects to be removed, the setting accepts all the identities supported by the AdditionalOwners parameter, which is the distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact, or security group.
  Set-SmartGroup, Convert-Group, Set-Dynasty: This setting applies to the following multi-valued parameters and lets you remove one or more values from these parameters. Parameters and the syntax for their values follow:
    Parameter
    - SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting)
    - IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting)
    - ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting)
    - AdditionalOwners
    - GroupBy (Only Set-Dynasty has this attribute.)
    - AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting)
    - AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting)
    - RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting)
    - RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting)
  The setting accepts all the identities supported by the parameter as the value of objects for each parameter. For example, for the SearchContainer parameter, the setting can accept the DN and GUID of the domains or containers being searched for group members.
Repeat: Repeats the trigger.
RepeatDuration: Applicable only when the Repeat parameter is applied. It specifies the duration in minutes during which the trigger will repeat.
RepeatInterval: Applicable only when the Repeat parameter is applied. It specifies the interval in minutes after which the trigger will start again.
Replace:
  Set-User, Set-Contact, Set-Mailbox: It will replace the old value of the attribute with the newly specified value.
  Set-Group: This setting applies to the AdditionalOwners parameter and lets you entirely overwrite its existing values. The syntax in which the value is entered for this setting is:
    -Replace @{ AdditionalOwners = "Owner4","Owner5"}
    -Replace @{ AcceptMessagesOnlyFrom = "User4","User5"}
    -Replace @{ AcceptMessagesOnlyFromGroups = "Group4","Group5"}
    -Replace @{ RejectMessagesFrom = "User4","User5"}
    -Replace @{ AcceptMessagesOnlyFrom = "Group4","Group5"}
  As the value of replacing objects, the setting accepts all the identities supported by the AdditionalOwners parameter, which is the distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact, or security group.
  Set-SmartGroup, Convert-Group, Set-Dynasty: This setting applies to the following multi-valued parameters and lets you entirely overwrite all of their existing values. Parameters and the syntax of their values follow:
    Parameter
    - SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting)
    - IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting)
    - ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting)
    - AdditionalOwners
    - GroupBy (Only Set-Dynasty has this attribute.)
    - AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting)
    - AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting)
    - RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting)
    - RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting)
  The setting accepts all of the identities supported by the parameter as the value of objects for each parameter. For example, for the SearchContainer parameter, the setting can accept the DN and GUID of the domains or containers being searched for group members.
ReportToManagerEnabled: Specify True to send non-delivery reports to the group owner or manager. The default value is False.
ReportToOriginatorEnabled: Specify True to send non-delivery reports to the message originator. The default value is False.
RestoreReplication: It will start the restore replication process.
RoleCriteriaDN: Specify the criteria for a role. The criteria can be a group or a container.
  - Group: users that are members of the specified group will be assigned this role.
  - Container: users who reside in the specified container will be assigned this role.
RoleCriteriaFilters: Specifies the filter criteria for a role. Values to this parameter are supplied as a 3-length array.
  - The first index contains the filter name, which can be one of 'name' or 'type', representing 'client name' and 'client type' respectively.
  - The second index contains the operator, which can be either 'is exactly' or 'is not'.
  - The third index contains the value. It can either be the client type or client name, depending on the value in the first index.
  Example: @('name', 'is exactly', 'automate arslanahmadvm') is a valid filter criteria. However, @('client type', 'is not', 'managementshell') is not valid because the value at the first index is not correct.
RoleCriteriaOperator: Specify the operator for criteria filters of a role. The operators can be And or Or.
RoleCriteriaScope: Specify the scope for a role. This parameter can be used in conjunction with RoleCriteriaDN to change the role criteria scope from container to group and vice-versa.
RoleDescription: Description of an identity store security role.
RoleDisabled: If a new role is created using the Set-IdentityStore commandlet, the role is created as disabled in the identity store.
RoleName: Name of an identity store security role.
RoleNameToCopy: While creating a new role, specify the name of a role you want to make a copy of. The new role is created using the settings of this role.
RoleOperation: While modifying an identity store's settings using the Set-IdentityStore commandlet, specify the action to perform on an identity store security role. Possible actions are:
  - Add
  - Remove
  - Remove all
RolePermissions: While modifying an identity store's settings using the Set-IdentityStore commandlet, specify the permission(s) that are to be granted or denied to the security role.
RolePriority: Set a role priority by specifying a value in the range of 1-99. Role priority determines which role is higher than the other, where 1 indicates the highest priority and 99 indicates the lowest priority.
RoleReadonly: While modifying an identity store using the Set-IdentityStore commandlet, specify that the role is created as read-only.
RoleSystemOnly: While modifying an identity store using the Set-IdentityStore commandlet, specify that the role is created as system only.
S
SamAccountName: The logon name for the pre-Windows 2000 versions of operating systems. The value is limited to 24 characters only.
ScheduleName: Name of a schedule job to identify a schedule. The schedule job is displayed with this name against the Scheduling node on GroupID Management Console.
Script: The Smart Script for memberships update. The script should be written in Visual Basic .NET in a format recognized by Group Script Editor. Write the script in a separate file, instead of writing the complete script on the shell, and give the path of the script file using the ScriptFilePath setting.
  NOTE: If, while writing a script using this setting, you must use a parameter's value that is enclosed in double-quotes (""), insert an apostrophe (') before every quotation mark. For example, #Region ' "Imanami Generated Code' ".
ScriptFilePath: The path to the script file containing Smart Script for memberships update. The script should be written in Visual Basic .NET (having .vb extension) in a format recognized by Group Script Editor.
SearchContainer: The distinguished name (DN) or globally unique identifier (GUID) of the domain or one or more containers in which to search for users, contact, group or dynasty members.
SearchContainersScopeList: This setting works in conjunction with the SearchContainer setting and sets the scope for the object search. Following are the possible values for this parameter:
  - 1 (Limits search to the container specified in the SearchContainer parameter and ignores the sub-containers.)
  - 2 (Searches the whole sub-tree, including the base container specified in the SearchContainer parameter and all its sub-containers. This is also the default setting for this parameter; therefore, if the search scope is not explicitly specified, this value is used.)
  Although the values are numerical, you must enclose them in double-quotes. For example: "1", "2".
SecurityQuestions: Adds a security question in an identity store.
SecurityToken: When you run the Get-Token command, you get a value against Claims. Provide that value to this parameter.
SecurityType: The access level of the group: Private, Semi_Private and Public. If this parameter is not given, the group is created as Private.
SendEmail: Specify this parameter to send the password expiry e-mail notifications. The group must have an e-mail address and notifications must be configured. (Applies to Password Expiry group)
SendOofMessageToOriginatorEnabled: Specify True to enable the group to send Out-of-Office messages to e-mail senders. The default value is False.
SendToOwners: Sends job completion notifications to group owners and additional owners as well as to the other specified recipients.
Separator: Specifies a character to use in the display name and the alias to separate group-by values from each other.
Server: The server name for the following data sources, if specified:
  - Microsoft SQL Driver (Name of the Microsoft SQL Server that contains the database you want to connect to)
  - Oracle (Name of the Oracle server that contains the database you want to connect to)
  - Lotus Notes (Name of the Lotus Notes server that contains the database you want to connect to)
  - Sun ONE iPlanet Driver (DNS name or IP address of SunONE server)
SetNotifications: Enables or disables notifications for a scheduled job.
ShouldReturnCollection: Specifying this parameter returns a single collection of objects containing all groups.
SimpleDisplayName: The printable display name for an object. The printable display name is usually the combination of the user's first name, middle initial, and last name.
SmartDLNotes: The notes entered here are copied to all smart groups created using Automate.
SmartFilter: Adds a smart search filter that applies only on SmartGroups. The smart search filters are:
  - IsExpired
  - GroupExpiringIn
  - SecurityType
  - ExpirationPolicy
  (Functional in Get-Group and Get-SmartGroup commandlets only)
SmartGroupType: The type of Smart Group that you want the commandlet to retrieve. Values of this parameter are:
  - SmartGroup
  - SmartDynasty
  Omitting this parameter retrieves both SmartGroups and Dynasties.
SmsGatewayNameThe name of an SMS gateway.
SmtpPasswordThis setting works in conjunction with the UseSmtpUserAuthentication, SmtpServer, SmtpUserName, SmtpPort and SmtpSSLEnabled settings and sets the password of the user account to be used for communicating with an external SMTP server.
SmtpPortThis setting works in conjunction with the SmtpServer setting and sets the port number to be used for communicating with an SMTP server.
SmtpServerThe fully qualified name or IP address of an SMTP server. GroupID will route messages through this server.
SmtpSSLEnabledThis setting works in conjunction with the SmtpServer, SmtpUserName, SmtpPassword, and SmtpPort settings. Enter True if the external SMTP server is SSL-enabled.
SmtpUserNameThis setting works in conjunction with the UseSmtpUserAuthentication, SmtpServer, SmtpPassword and SmtpPort settings and sets the e-mail address of the user account to be used for communicating with an external SMTP server.
SQLServerSQL server name on which database of previous GroupID version is hosted.
StartDateDate from which membership will be started or revoked or removed.
SslEnabledSpecify that the SMTP server is SSL enabled.
StartTimeTime of the day at which the schedule is triggered.
StateThe state for a user, contact or mailbox.
StorageFilters the mailboxes to be returned. If specified, only mailboxes on the specified server or mailbox store (Exchange 2007-SP3 and later/2010/2013/2016) will be returned. Custom recipients, public folders and distribution lists are not affected by this filter. Typing an asterisk (*) as a value of this parameter searches all mailboxes on any server.
StoreDescriptionDescription of an identity store.
StoreEnabledEnables or disables an identity store.
SubjectThe subject of the e-mail notification.
Sun_ContainerSpecify distinguished name (DN) of a container in an external datasource (specifically Sun ONE iPlanet datasource) in Query Designer of a smart group.
SupportEmailThe e-mail address of the group or contact providing support to users of Password Center and Self-Service portals. This support e-mail address is set by default for all new portals created using Password Center and Self-Service.
SupportURLThe default URL of the online help for Self-Service portals. This URL is set by default for all new portals created using Self-Service.
SWAMobileAttributeThe name of the attribute used by Second Way Authentication via mobile.
SWAQuestionsThe question for security questions based Second Way Authentication. The value to this parameter is supplied as 2-length arrays. The first index contains the question text and the second index contains the name of the attribute for that question.
SWAQuestionsOperationThe action to perform on the SWAQuestions parameter.
SWAuthenticationFactorNumber of authentication types enforced for the security role.
SWEmailAttributeThe name of the attribute used by Second Way Authentication via email.
SystemDSNThe System Data Source Name (DSN) to use as the data source, if the value of the DataSourceType parameter is ODBC Data Source.
T
TableorView: The table or view name if the value of the DataSourceType parameter is ODBC Data Source, Microsoft SQL Driver or Oracle.
TargetOperation: The actions to perform on targets. Possible values are: - Add - Remove
Targets: Provide the names of groups and containers the job will process as per the action provided in the TargetOperation parameter.
TemplateFile: The path of the template file that the commandlet should use for generating the e-mail contents.
Title: Title of a user, contact or mailbox.
ToEmail: Recipient of the email notification.
TopLevelOnly: Sets whether the search should return matches only from top-level dynasties or includes sub-level dynasties in the search as well. The default value 0 (zero) returns results from the complete hierarchy of dynasties. Specify the value 1 to return matches from only top-level dynasties.
TopManager: The distinguished name (DN), globally unique identifier (GUID) or samAccountName of the top-level manager. The commandlet constructs a Managerial Dynasty structure by creating a Smart Group for all direct reports to the selected top-level manager and continues down the Dynasty structure by creating SmartGroups for all direct reports to sublevel managers. (Applies to Managerial Dynasty)
TriggerId: Unique identity of a trigger. The ID can be retrieved from the Triggers property of Get-Schedule commandlet.
TriggerOperation: The actions to perform on the provided triggers. Possible actions are: - Add - Remove single by id - Remove by type - remove all
TriggerType: The trigger type while adding or removing triggers to/from a schedule. This parameter is also used to select a schedule with a particular trigger type. Possible trigger types are: - RunOnce - RunDaily - RunWeekly - RunMonthly - RunMonthlyDOW - OnIdle - OnSystemStart - OnLogon
Type:
  • New-Group, New-Dynasty, New-SmartGroup, Convert-Group: Specifies that the new group or dynasty will be used either for mail distribution (a Distribution group or dynasty) or for securing public folders or other resources (a Security group or Dynasty).
  • Set-Group, Set-SmartGroup, Set-Dynasty: The type of the group to be modified. The available types are: Distribution and Security.
  • Add-GroupMember: Perpetual, Temporary Member or Addition Pending.
  • Remove-GroupMember: Removal Pending, Temporary Removed. If no type is given then it will be considered Perpetual remove.
U
UpdateChildren: The default value True forces Automate to update the children of a Dynasty when it updates the Dynasty itself. Set its value to False to disable this feature.
UpdateMembershipByManagerEnabled: A True value enables the group manager to update the group membership list. The default value is False.
Username: The name of the user that will be used for the execution of the commandlet in which it is mentioned. This parameter and the Credentials parameter cannot be used simultaneously in a commandlet.
UseSmtpUserAuthentication: Set its value to True to use SMTP authentication for communicating with the SMTP server. The default value is False. The authentication details are provided by the SmtpUserName, SmtpPassword, SmtpPort and SmtpSSLEnabled settings.
UseSmtpUserAuthentication: Specify if user authentication of SMTP server is to be used.
V
ValidationDateRemovalInterval: Specify the number of days since the last profile validation date. GroupID clears the validation date and the policies for new users are applied to this user.
Verb: Shows information about commandlets or command elements having the specified verb in their name. Wildcard search is also supported.
W
Weekdays: Specify the weekdays for the weekly triggers. Possible values are: - Sunday - Monday - Tuesday - Wednesday - Thursday - Friday - Saturday - AllDays
WeeksInterval: Specify weekly interval in weekly triggers i.e. number of weeks after which a scheduled job is repeated.
WhenGroupMembershipThresholdReach: Policy to apply when the membership change threshold, specified in out-of-bounds configurations, is reached. Possible values are: - PreventUpdation - NestIntoChildGroups
WindowsAuthentication: Enables Windows Authentication mode for SQL Server. In Windows Authentication mode, administrators can enable users to log on to the SQL Server using their Windows credentials.
WindowsLoggingEvent: Set events for logging from all GroupID modules in a centralized event log named Imanami GroupID that can be viewed from the Windows Event Viewer. Possible events are: - FailureAudit - SuccessAudit - Info - Warn - Error
X
XDaysBeforeLeaveNotificationMB: Specify the number of days. The temporary additional owner / manager of a group receives a notification the specified number of days before he or she is removed as additional owner / manager.
XDaysBeforeLeaveNotificationML: Specify the number of days. The user receives a notification the specified number of days before he or she is removed from a group membership.
Y
YearMonths: Specify the months of years for monthly triggers. Possible values are: - January - February - March - April - May - June - July - August - September - October - November - December - AllMonths
Z
Zip: The zip code for a user, contact or mailbox.

Unsupported Parameters

GroupID Management Shell does not support common parameters of PowerShell in its commandlets. The common parameters are:

  • Debug
  • ErrorAction
  • ErrorVariable
  • InformationAction
  • InformationVariable
  • OutBuffer
  • OutVariable
  • PipelineVariable
  • Verbose
  • WarningAction
  • WarningVariable
  • Confirm
  • WhatIf
  • Write-Information

See about_CommonParameters for details on these parameters.

Set the $Credentials Environment Variable

By default, the GroupID Management Shell uses the credentials of the logged-in user for executing commandlets. If you need to use a different user account for some commandlets, you must set the $Credentials environment variable to the credentials of that user. This user account must also be part of the same forest. Once set, the variable can be used as a value for the Credential parameter with those commandlets that you want to execute using this account. The rest of the commandlets are executed under the credentials of the local user.

Syntax

$Credentials = new-object System.Management.Automation.PsCredential "DomainName\User Name",$(convertto-securestring "Password" -asplaintext -force)

Example 1:

The following command sets the $Credentials environment variable to the credentials of the user John Smith, who exists on the same domain you are logged on to.

$Credentials = new-object System.Management.Automation.PsCredential "JohnSmith",$(convertto-securestring "MyP@ssw0rd" -asplaintext -force)

Example 2:

The command below sets the credentials of the user Brian Regan, who exists on a different domain in the same forest.

$Credentials = new-object System.Management.Automation.PsCredential "Sales.Imanami.US\BrianRegan",$(convertto-securestring "MyP@ssw0rd" -asplaintext -force)

Example 3:

The following command shows how to use the $Credentials environment variable with commandlets.

New-Container -ParentContainer "DC=HR,DC=Imanami,DC=US" -Name "Recruiting" -Credential $Credentials
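
The syntax above places the password as a literal string on the command line, where it can be captured by PSReadLine history, transcripts and saved scripts. The following added example (not part of the GroupID documentation) builds the same $Credentials value from a prompt instead and checks the history file for earlier -AsPlainText lines. The function names New-ShellCredential and Find-PlaintextCredentialHistory are hypothetical, and the history check assumes the PSReadLine module may or may not be loaded in the host.

```powershell
# Added example. Account and container values are the page's own samples.

function New-ShellCredential {
    param(
        # "JohnSmith" (same domain) or "Sales.Imanami.US\BrianRegan" (other domain, same forest)
        [Parameter(Mandatory)] [string] $UserName
    )
    # Read-Host -AsSecureString never materializes the password as a plain string,
    # so nothing sensitive is typed into the command line itself.
    $secure = Read-Host -Prompt "Password for $UserName" -AsSecureString
    if ($secure.Length -eq 0) { throw "Empty password entered for $UserName" }
    New-Object System.Management.Automation.PSCredential ($UserName, $secure)
}

function Find-PlaintextCredentialHistory {
    # Lists saved history lines that used -AsPlainText, i.e. lines that
    # are likely to contain a password in clear text and should be purged.
    param([string] $HistoryPath)
    if (-not $HistoryPath) {
        # Assumption: PSReadLine is only present in some hosts.
        if (-not (Get-Command Get-PSReadLineOption -ErrorAction SilentlyContinue)) { return }
        $HistoryPath = (Get-PSReadLineOption).HistorySavePath
    }
    if (-not (Test-Path -LiteralPath $HistoryPath)) { return }
    Select-String -LiteralPath $HistoryPath -Pattern '-AsPlainText' -SimpleMatch |
        Select-Object LineNumber, Line
}

$Credentials = New-ShellCredential -UserName "Sales.Imanami.US\BrianRegan"
try {
    # Same call as Example 3, run under the alternate account.
    New-Container -ParentContainer "DC=HR,DC=Imanami,DC=US" -Name "Recruiting" -Credential $Credentials
}
finally {
    # Drop the credential object once the privileged commandlets have run.
    Remove-Variable -Name Credentials -ErrorAction SilentlyContinue
}

# Review any hits and rotate passwords that were typed in clear text.
Find-PlaintextCredentialHistory
```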
