Parameters
This topic discusses the following:
All Parameters
The following table lists the Directory Manager Management Shell commandlet parameters in alphabetical order. Click on alphabet letter to easily locate the parameter which starts with that letter.
| Parameter Name | Description |
|---|---|
| a b c d e f g h i j k l m n o p q r s t u v w x y z |
A
| Parameter Name | Description |
|---|---|
| AcceptMessagesOnlyFrom | The distinguished names (DN), globally unique identifiers (GUID) or samAccountNames of the mailbox users and mail-enabled contacts who can send e-mail messages to the group. Providing a blank value enables the group to accept messages from all mailbox users and all mail-enabled contacts. (Applies to Distribution groups only). |
| AcceptMessagesOnlyFromGroups | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more groups or users that the group is allowed to accept messages from. Separate multiple objects with commas (,). (Applies to Distribution groups only.) |
| AccidentalDeletion | If the value is set as True, user will be prompted before container deletion. |
| Add | Set-User, Set-contact, Set-Mailbox Add will append the values of multi-value attributes and replace the value of single-value attributes. |
Set-Group This setting applies to the AdditionalOwners parameter and lets you add one or more additional owners for this group. The syntax in which the value is entered for this setting is: -Add @{ AdditionalOwners = "Owner1","Owner2","Owner3"} -Add @{ AcceptMessagesOnlyFrom = "User1","User2","User3"} -Add @{ AcceptMessagesOnlyFromGroups = "Group1","Group2","Group3"} -Add @{ RejectMessagesFrom = "User1","User2","User3"} -Add @{ AcceptMessagesOnlyFrom = "Group1","Group2","Group3"} As the value of objects to be added, the setting accepts all the identities supported by the AdditionalOwners parameter, which is the distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact, or security group. | |
| Set-SmartGroup, Convert-Group, Set-Dynasty This setting applies to the following multi-valued parameters and lets you add one or more values to these parameters. Parameters and the syntax for their values follows: | |
| Parameter | |
| SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting) | |
| IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting) | |
| ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting) | |
AdditionalOwners | |
| Only Set-Dynasty has this attribute. | GroupBy |
| AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting) | |
| AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting) | |
| The setting accepts all the identities supported by the parameter as the value of objects for each parameter. For example, for the SearchContainer parameter, the setting can accept the DN and GUID of the domains or containers being searched for group members. | |
AdditionalOwners | The distinguished name (DN), globally unique identifier (GUID), or samAccountName of one or more users, contacts, or groups (security groups only) to set as the additional owners for the group. Passing a blank value for this parameter will remove additional owners. |
| Address | Home address of a user, contact or mailbox. |
| AdministrativeNotes | Any information about the group that is useful for its maintenance or administration. It appears on the Exchange Advanced tab of Group Properties dialog box. |
| AdminUserName | The admin username for the Google based providers and messaging systems. This parameter becomes available depending on the value of other parameters - IdentityStoreType and Provider. |
| Alias | Alias of user, group or mailbox. The alias parameter can be a combination of characters separated by a period without any spaces. Avoid using special characters in the alias. The Exchange alias is limited to 64 characters, must be unique and should not contain spaces. |
| AliasTemplate | Specifies the pattern for creating alias names for Dynasty children. For a Managerial Dynasty, the template must contain the %MANAGER% keyword in the input string. This keyword is replaced with the respective manager. For all other Dynasties, the value must contain the %GROUPBY% keyword in the input string for replacement with the respective GroupBy value. |
| All | Perform action on all types of entities. |
| AppId | Used to provide Microsoft Entra ID application ID for Microsoft Entra ID / Office 365 based identity stores and messaging systems. Note that this parameter appears depending on the values of other parameters. Application ID which is generated by Microsoft Entra ID when the application is registered in Microsoft Entra ID. This parameter becomes available depending on the value of other parameters - IdentityStoreType and Provider. |
| Assistant | It will be a DN or (GUID) of another user or contact. |
| AttributesToLoad | Provide list of attributes which should be loaded with objects. In the absence of the list, object will be loaded with minimal attributes. |
| AuthenticationMode | Following are the possible values for this parameter: - 1 (credentials of the logged-in users) - 2 (works in conjunction with IdentityStoreID and Credentials parameters). - 3 (user is authenticated through the Log in dialog box which is also the default mechanism if no authentication mode is defined by user). |
| AuthenticationType | Supported authentication types in Directory Manager which are: - Security questions - Email - SMS - Yubikey - Windows Hello - Authenticator - Link account |
| AuthenticationTypeOperation | Enables or disables the specified authentication type(s). |
B
| Parameter Name | Description |
|---|---|
| Business | First business phone number of a user, contact or mailbox. |
| Business2 | Second business phone number of a user, contact or mailbox. |
| BypassOwnersPolicy | This parameter bypasses the values set in Directory Manager configurations both for primary owner and required minimum additional owners at group creation or modification. If the value is 0 (zero) then this parameter has no affect. |
C
| Parameter Name | Description |
|---|---|
| CarbonCopy | Email address for carbon copy (CC) of notification to be sent other than the main email addresses. |
| ChangeTrackerActions | The list of Directory Manager actions to track for history records. The possible values are: - None - AdditionalOwnerChange - Enrollment - ExpirationPolicyChange - GroupExpire_Renew - OobChange - SecurityTypeChange - WorkflowApprovalDenial - OwnershipChange - QueryChange - AllOthers - All - UpgradeSmartGroupChange To track multiple actions, separate each action with a hash (#) sign and set the complete string as a value of this setting. For example, to track changes in additional owners, enrollment details and security types, specify the value as "AdditionalOwnerChange#Enrollment#SecurityTypeChange". |
| ChildContainer | The distinguished name (DN) or globally unique identifier (GUID) of the container where you want to create the child groups. If you have selected multiple group-by attributes, you can specify a different child container for every attribute in the same sequence as the group-by attributes are specified, separating each with a comma (,). For Managerial Dynasty, passing a blank value creates child groups in the container where the top manager resides. |
| City | The city of a user, contact or mailbox. |
| Clear | Set-User, Set-Contact, Set-Mailbox It will clear the values of multi-value and single-value attributes. |
Set-Group This setting applies to the AdditionalOwners parameter and lets you clear the additional owners list. The syntax for entering the value for this setting is: -Clear @{ AdditionalOwners} -Clear @{ AcceptMessagesOnlyFrom } -Clear @{ AcceptMessagesOnlyFromGroups } -Clear @{ RejectMessagesFrom } -Clear @{ AcceptMessagesOnlyFrom } | |
| Set-SmartGroup, Convert-Group, Set-Dynasty This setting works for the following multi-valued parameters and lets you clear all their existing values. Parameters and the syntax for their values follows: | |
| Parameters | |
| SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting) | |
| IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting) | |
| ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting) | |
AdditionalOwners | |
| Only Set-Dynasty has this attribute | GroupBy |
| AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting) | |
| AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting) | |
| As the value of objects for each parameter, the setting accepts all of the identities supported by the parameter. For example, for SearchContainer parameter, the setting can accept the distinguished name (DN) and globally unique identifier (GUID) of the domains or containers to be searched for the group members. | |
| ClearSet | Clears the specified notification recipients set. Possible values are: - All - Recipients - PasswordExpiry (Password Expiry group notifications) - ML (Membership life cycle notifications) - MB (Managed by life cycle notifications) |
| ClientName | Name of Directory Manager client such as Admin Center, Management Shell, all portals created using Admin Center. |
| Company | The company of user, contact or mailbox. |
| ConfiguredExchange | Specifies the messaging system that Directory Manager uses for creating the e-mail addresses of mail-enabled objects. The default value 1 uses the latest version of Exchange installed if Directory Manager is connected to a domain with multiple versions of Exchange. You can change the system to any of the following values: - 2013 (for Exchange 2013) - 2016 (for Exchange 2016) - 2019 (for Exchange 2019) - 0 (for AD-only domain) - 2 (other messaging system) |
| Connected | Used to request connected identity store to the current instance of Directory Manager Management Shell. |
| Container | The distinguished name (DN) or globally unique identifier (GUID) of one or more containers where you want to search for a user, contact or group. Separate multiple values with commas. |
| Country | Country of a user, contact or mailbox, represented as the 2-character country code based on ISO-3166. |
| CreateFlatManagerialList | Setting a True value creates this dynasty as flat managerial list. A flat managerial list is a form of managerial dynasty in which all direct reports of the top manager and sub-level managers are added as members of one group and no separate groups are created for the sub-ordinates of the top manager's direct reports. If this setting is set to True, the flat operation is performed on the next update of the dynasty where it breaks its current hierarchy and re-builds the memberships of the parent group on the flat dynasty logic. (Applies to Managerial Dynasty) |
| CriteriaFilters | Same as rolecriteriafilters |
| CriteriaScope | Same as RoleCriteriaScope |
| Credential | The $Credentials environment variable holds the user's authentication information. Use this variable to execute the commandlet using the credentials of a user account other than the one you are logged on to the connected identity store. |
| CustomAttribute1-15 | A value for an attribute that you determine. Use these attributes—up to 15—to store additional information specific to your needs. |
D
| Parameter Name | Description |
|---|---|
| Database | SQL database name of previous Netwrix Directory Manager (formerly GroupID) version. |
| DataSourceConnection | Set or modify connection string of an external data source in Query Designer of a Smart Group or Dynasty. |
| DataSourceName | The name of the database that contains the table or view you want to use for your query. This parameter is applicable on the following data source types: - Microsoft SQL Driver - Oracle |
| DataSourcePassword | The password for the specified user account to use for connecting to the specified data source. |
| DataSourceQuery | Specifies the database query to execute to retrieve results from the data source. This can be a query statement and can include multiple columns separated by commas (,). The field names are enclosed in brackets ([ ]) to prevent any ambiguity that the query engine might encounter because of spaces between column names. Directory Manager Management Shell also needs to know how the information in the source relates to the directory so it can find the recipients identified in the data source in the directory and add them to the group. This relation is defined through the LdapFilter parameter. If no match is found, the data source entry will be skipped. |
| DataSourceType | Use this parameter to combine an external data source with Active Directory to determine the group membership. When a connection is configured, Directory Manager Management Shell connects to the database and retrieves results. It then queries Active Directory to find matching records. The parameter can also be used to connect to external directories. Specify any of the following external data source types: - Text Driver - ODBC Data Source - Sun ONE iPlanet Driver - Lotus Notes - Microsoft SQL Driver - Oracle |
| DataSourceUserName | The username of the account to use for connecting to the specified data source. |
| DaysInterval | Specified the daily interval for daily triggers. |
| DefaultAllowPermissions | By default, all permissions except those specified in RolePermissions are denied. The application of this parameter overrides the default behavior and causes all of the permissions except those specified in RolePermissionNames to be granted. |
| DefaultApprover | Specifies the default approver for an identity store. |
| DefaultExpirationPolicy | The default expiry days to set for new groups at creation, which can later be changed for groups individually using the Set-SmartGroup commandlet. The default value 0 implies that the groups will never expire. |
| DefaultGroupApprover | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of the default approver to whom notifications will be sent for groups having no owners. |
| DefaultGroupDeletionTimeAfterExpiry | The number of days after which an expired group should be deleted. The default value is 30. This parameter only applied if the value of the DeleteExpiredGroups parameter has been set to True. |
| DefaultMaximumNumberOfMembers | The maximum number of members a group can have. |
| DefaultMaximumNumberOfMembersToDisplay | The maximum number of items to display in the Automate groups list. The default limit is set to 1000. |
| DefaultNumberOfOwnersToDisplay | The number of most recently used recipients (set as group owners) to show on the shortcut menu when setting the owner for multiple groups. The default value is 5. |
| DefaultReportToMessageOrginator | Setting its value to True sends non-delivery reports (NDR) to the message originator (sender). By default, it is set to False. |
| DefaultReportToOwner | Setting its value to True sends non-delivery reports (NDR) to the group owner. By default, the value is set to False. |
| DefaultRequestDeletionTime | Workflow requests older than the number of days given in this parameter will be deleted by the CleanupApprovedRequests, CleanupDeniedRequests and CleanupPendingRequests settings. The default value of this setting is 30. This setting applies only if the DeleteRequests setting is set to True. |
| DefaultStartWithGlobalCatalogInQueryDesigner | Its default value True sets the Global Catalog as the default scope for searches on the Query Designer. Changing its value to False searches the logged-on domain only. |
| DefaultUnusedGroupsExpirationTime | This setting is related to the group usage lifecycle and applies only if the GroupUsageLifecycleEnabled and ExpireUnusedGroups settings are set to True. Its value is the unused period (in number of days) of the lifecycle period for a mail-enabled distribution group after which its life is reduced to 7 days. The default value of this setting is 60 days. |
| DeletedObjects | It is a switch, if present then delete object replication will be started. |
| DeleteEmpty | Setting its value to True forces Automate to delete Dynasty children when they are empty or when their parents are deleted. The default value is False. |
| DeleteExpiredGroups | The default value True enables the automatic deletion of expired groups according to the number of days specified in the DefaultDeletionTimeAfterExpiry parameter. |
| DeleteNestedOrphanGroups | This parameter deletes nested orphan groups according to the following rules: - If the maximum membership value is reached and the Do not update option is selected, then the parameter has no effect. - If the maximum membership value is reached and the Nest into child groups option is selected, then, upon membership update, more nested child groups are created and orphan nested groups are deleted. - If the maximum membership value is increased then upon the group's membership update, members from the nested child groups are moved into the parent group and the nested groups are orphaned. This parameter deletes the nested groups. |
| DeleteRequests | The default value True enables the removal of older workflow requests, a feature that removes those approved, pending, and denied workflow requests that are older than the number of days specified in the DefaultRequestDeletionTime setting. |
| Department | The department of a user, contact or mailbox. |
| Description | Used to provide description of an entity while: - creating a new group (managed or unmanaged) or dynasty. - modifying a user, contact, group (managed or unmanaged) or dynasty. - converting a static group to a smart group. |
| DestinationContainer | The distinguished name (DN) or globally unique identifier (GUID) of the container that you want to move the group to. The destination container must be part of the same forest. |
| DirectReports | Provide any of the following identity for the direct report: - Distinguished name (DN) - Globally unique identifier (GUID) - Comman-name (Cn) - Name - SamAccountName |
| DisableAttributeUpdation | Specifies that attribute updation should not occur when Profile Validation cycle of a user is expired. |
| Disabled | In some commandlet this parameter is used to retrieve disabled entities such as disabled schedules or identity stores and in some it disables an entity. |
| DisableExpiredGroupDeletion | Disables the deletion of the expired groups. |
| DisableGroupAttestation | Disables the group attestation at identity store level. |
| DisableGUSLifecycle | Disables the group usage life cycle of groups at identity store level. |
| DisableNewProfileValidationLifecycle | Disables the profile validation of new profiles. |
| DisableOrphanGroupDeletion | Disables deletion of orphan groups when, upon membership update, they become orphan. |
| DisableOutOfBoundsAlerts | Disables generation of out of bound alerts to group owners upon membership threshold and does not update the membership. |
| DisableSecurityGroupsExpiry | Disables expiration of the security groups. |
| DisableSWAuthenticationViaEmail | Disables second way authentication via email. |
| DisableSWAuthenticationViaMobile | Disables second way authentication via mobile. |
| DisableSWAuthenticationViaSecurityQuestions | Disables second way authentication via security questions. |
| DisableValidationDateRemoval | Causes the validation date not to be cleared after the profile validation has been expired. |
| DisallowingPasswordExceptionFilePath | Specifies the path to a file containing a list of strings that cannot be set as password. |
| DisplayName | Display name while - creating a user, contact, group (managed & unmanaged), dynasty or mailbox. - modifying a user, contact, group (managed & unmanaged), dynasty or mailbox. - converting a static group to a smart group. - retrieving a tombstone object. |
| DisplayNameTemplate | Specifies the pattern for generating display names for Dynasty children. For the Managerial Dynasty, the template must contain the %MANAGER% keyword in the input string. This keyword is replaced with the respective manager. For all other Dynasties, the value must contain the %GROUPBY% keyword in input string for replacement with the respective GroupBy value. |
| DistinguishedName | Distinguished name of an object in directory. |
| Domain | Domain name of the provider mentioned in a commandlet. The domain name can be of an Active Directory domain, Microsoft Entra ID domain or messaging provider's domain. This parameter becomes available depending on the value of other parameters. |
| DomainExpiration | (Applies to Password Expiry group.) The domain expiration policy for the group. This policy allows you to specify maximum password age. The default value is 42 days. |
| DynastyManagerAsMember | Set its value to True to add the manager of direct reports to the membership of the direct reports group so that the manager receives a copy of any e-mail sent to the group. The default value is False. |
E
| Parameter Name | Description |
|---|---|
| EmailAddress | A valid email address of a user, contact, mailbox or group (if mail-enabled) |
| EmailProviderDomain | This setting applies if the ConfiguredExchange setting is set to 2. Its value is the domain name of the external e-mail provider. For example, googlegroups.com. |
| EmailTemplatePath | Location of the email template that will be used while sending an email notification to a user or group. |
| EnableAttributeUpdation | Enables attribute update when a user is expired in Profile Validation cycle. It sets the given string as the attribute's value for the user. |
| Enabled | In some commandlet this parameter is used to retrieve enabled entities such as enabled schedules or identity stores and in some it enables an entity. |
| EnableExpiredGroupsDeletion | Enables the deletion of expired groups. |
| EnableGroupAttestation | Enables the group attestation i.e. to review and validate the attributes and membership of an expiring group before renewing it. |
| EnableGUSLiefecycle | Enable group usage life cycle i.e. set the expiry of mail-enabled distribution groups based on their usage. |
| EnableNewProfileValidationLifecycle | Enables profile validation for newly found user objects (by way of newly created objects or by way of disabled object enabled again) in the directory. |
| EnableNotifications | Enables notifications in a schedule. |
| EnableOrphanGroupDeletion | Enables deletion of orphan groups when, upon membership update, they become orphan. |
| EnableOutOfBoundsAlerts | Enables generation of out of bound alerts to group owners upon membership threshold and does not update the membership. |
| EnableSecurityGroupsExpiry | Enables expiry of security groups. |
| EnableSWAuthenticationViaEmail | Enables second way authentication via email. |
| EnableSWAuthenticationViaMobile | Enables second way authentication via mobile. |
| EnableSWAuthenticationViaSecurityQuestions | Enables second way authentication via security questions. |
| EnableUpdate | Specify False to disable the group update and scheduled job process. Default value is True. |
| EnableValidationDateRemoval | Clears the validation date if X number of days have passed since the last validation date. In case of a rehire scenario, the object will be treated as a newly created object and the validation process for new users will apply to it. |
| EndDate | Date on which membership will end or restore. Or Date on which membership will end/restore, or a schedule will end. |
| EnforceOutOfBounds | Enables / Disables enrollment on an identity store. |
| EnrollmentType | Possible values are: - None - Mobile - SecurityQuestions - Email - Authenticator - LinkAccount - Yubikey - WindowsHello - All - Any |
| ExcludeNestedLists | Setting a True value excludes child Dynasties from the membership of the parent Dynasty. The default structure of Managerial Dynasty adds the Smart Group of sub-level manager in the membership list of the top-level manager's Smart Groups. (Applies to Managerial Dynasty) |
| ExcludeOUs | The default value True excludes from exploration the organizational units specified in the IncludeExcludeOUs parameter. Setting its value to False applies the expiration only on the organizational units specified in the IncludeExcludeOUs parameter and excludes the rest. |
| ExcludeRecipients | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more objects that you want to exclude statically from the group membership regardless of whether they are returned by the query. |
| ExpansionServer | The name of the Expansion server. The Expansion server is the Exchange server responsible for expanding a distribution list and creating a message for each of the members. |
| ExpirationPolicy | Set the expiration policy for the group. This parameter does not work for Dynasty children since they inherit the expiration policy of their parent Dynasty and you cannot change it explicitly at child level. |
| ExpirationRange | The expiration range policy for the group. This policy defines when Directory Manager Management Shell will include a user in the membership of the Password Expiry group. For example, a domain expiration policy is configured with a maximum password age of 30 days. Setting the expiration range policy to 10 will include users in the membership of the Password Expiry group who have passwords aged 20 days or older. (Applies to Password Expiry group) |
| ExpiredGroupsDeletionInterval | Number of days since groups expiry after which the groups shall be deleted. |
| ExpireUnusedGroups | This setting is related to the group usage lifecycle and applies only if GroupUsageLifecycleEnabled is set to True. The value True reduces the life of mail-enabled distribution groups that have not been sent any e-mail for a particular period. This unused period is defined in the DefaultUnusedGroupsExpirationTime setting. Under its default value False, the life of unused groups is always extended as soon as they reach their expiration date. |
| ExtendGroupLife | Extend the life of the group as per the ExpirationPolicy parameter's value. The default value of this parameter is True, so specifying a value is not required. |
| ExtensionDataAttributes | By default, ExtensionDataAttribute attribute is used for storing the value. In case it has been modified then this parameter must specify the attribute being used for storing the value. |
F
| Parameter Name | Description |
|---|---|
| FileLoggingEvent | Set the event for which file logs are generated. |
| FilePath | The path of the text file, if the value of the DataSourceType parameter is Microsoft Text Driver. |
| FilterOperation | Operation to perform on role criteria filters |
| Filters | Specifies how the values of group-by attributes are stripped out for creating the child groups. This parameter allows you to collapse several different values into one. Use any of the following as a value of this parameter: - <Blank value> - Do not use any filter and create a group for each distinct value of the attribute. - Left <Number of characters> - Selects the specified number of characters from the attribute starting from the left-end of the string. Each distinct set of selected characters from the group-by attribute is then used to create a group. - Right <Number of characters> - Selects the specified number of characters from the attribute starting from the right-end of the string. Each distinct set of selected characters from the group-by attribute is then used to create a group. - %GROUPBY%/<the part of the value to leave out> - Use this filter when you have a character separator. Specifying this filter creates a group for each distinct value of the portion of the attribute selected. %GROUPBY% represents the significant portion of the value. After the slash, you can specify the portion you want to leave out of the attribute's value. Specifying * after the slash leaves out any portion of the value that occurs after the slash. For multiple group-by attributes, provide a filter values for each attribute separated by a comma (,). |
| FirstName | The first name of a user, contact or mailbox. |
| FromEmail | Email address that SMTP uses to send emails from. |
| FromEmailAddress | The e-mail address to use for sending notifications |
G
| Parameter Name | Description |
|---|---|
| GenerateOnedayToExpiryReport | The default value True notifies the group owner of its expiry one day before the expiration date. Set its value to False to disable this notification. |
| GenerateSevenDaysToExpiryReport | The default value True notifies the group owner of its expiry seven days before the expiration date. Set its value to False to disable this notification. |
| GenerateThirtyDaysToExpiryReport | The default value True notifies the group owner of its expiry thirty days before the expiration date. Set its value to False to disable this notification. |
| GroupAlias | Alias for the new group, distribution group or dynasty. The alias can be a combination of characters separated by a period without any spaces. Avoid using special characters in the alias. The Exchange alias is limited to 64 characters, must be unique and should not contain spaces. |
| GroupBy | Name of the group-by attribute. Separate multiple attributes with commas (,). This parameter is required for all Dynasties except the Managerial Dynasty. |
| GroupIdentity | The distinguished name (DN), globally unique identifier (GUID), security identifier (SID), canonical name (CN) or SamAccountName of the group to add members to. |
| GroupIDVersion | Previous Netwrix Directory Manager (formerly GroupID) version to upgrade from. This parameter accepts integer values e.g. 7.0, 8.0 and 9.0. - 9.0 = GroupID 9.0 - 10.0 = GroupID 10.0 |
| GroupLifeDays | Specifies the number of days to extend / reduce (depending on the configured extension policy) if the group has not been used this number of days. |
| GroupNamePrefixes | One or more prefixes configured in Directory Manager configurations. They are prefixed with the group name and display name when you create a new group or modify an old group using the Properties option. |
| GroupScope | Specify the scope for the group or dynasty. The available group scopes are: Universal, Global, and Domain Local. |
| GroupType | Specify the group types for upgrade: 1 = Non-managed groups 2 = Smart Groups 3 = Parent Dynasty 4 = Middle Dynasty 5 = Leaf Dynasty 6 = Password Expiry Smart Group When a specific dynasty is upgraded it is recommended to upgrade the whole dynasty using the SearchContainer parameter and update it after running the Upgrade-Group command (provided that the whole Dynasty is in the same container). If a specific parent or middle or leaf Dynasty is upgraded using the Upgrade-Group command, update will be required to link it with the Dynasty chain. |
| GroupUsageLifecycleEnabled | Set its value to True to enable the group usage lifecycle feature. This lifecycle is executed by Group Management Service (GMS) for mail-enabled distribution groups and adds an additional rule to their regular expiration process. Under this lifecycle, if no e-mail is sent to a mail-enabled distribution group for a particular period, you can set GMS to reduce its expiration date to 7 days. Under its default behavior, unused distributions groups are never expired. As soon as, they reach their expiration date, their life is extended by reapplying the expiration policy on them. |
H
| Parameter Name | Description |
|---|---|
| HavingNotifications | Used to select those schedules having notifications enabled. Used only in Get-Schedule |
| HiddenFromAddressListEnabled | Specifying a True value prevents the group from appearing in Exchange address lists. The default value is False. |
| HideMembership | Setting its value to True hides group membership in the Outlook address book. The default value is False. |
| HideMembershipFromAddressListEnabled | A True value prevents the group membership from appearing in the Outlook address book. The default value is False. |
| HistoryActionsOperation | The operation on actions that the history will keep track of. Possible values are: - Add - Remove - Remove all |
| HistoryRetention | Specifies the interval for which the history is tracked. Possible values are: - All - Last_30_Days - Last_60_Days - Last_90_Days - Last_120_Days - Last_6_Months - Last_1_Year - Last_2_Years - Last_5_Years |
| HistorySelectedActions | The actions that the history will keep track of. Possible values are: - OwnershipChange - AdditionalOwnerChange - ExpirationPolicyChange - GroupExpireRenew - QueryChange - SecurityTypeChange - ObjectCreated - ObjectDeleted - IdentityStoreHistory - SecurityRolesHistory - WorkflowsHist |
| HistoryTrackingOption | Specifies what the history will keep track of. Possible values are: - Nothing - All_Actions - Selected_Actions |
| Home | First home phone number of a user, contact or mailbox. |
| Home2 | Second home phone number of a user, contact or mailbox. |
| HomePage | The link of a user, contact, group or mailbox's profile or home page. |
I
| Parameter Name | Description |
|---|---|
| Identity | Supported identities are: - Distinguished name (DN) - Globally unique identifier (GUID) - Comman-name (Cn) - Name - SamAccountName |
| IdentityStoreId | Unique identifier of identity store. |
| IdentityStoreName | Name of an identity store. |
| IdentityStoreType | Specify the type of an identity store. Possible types are: - ActiveDirectory - Microsoft Entra ID - Google Workspace - Generic LDAP |
| IgnoreConnectionFail | While creating an identity store, an active service account and valid credentials are required for connecting to an identity store. This parameter overrides this behavior and creates the identity store even if the connection is not active or the credentials are invalid. |
| IncludeAllContainers | Applies when JobType is set to GUS. This parameter includes all containers in the schedule. |
| IncludeAllMessagingSystems | Applies when JobType is set to GUS. This parameter includes all messaging systems in the schedule. |
| IncludeDisabledUsers | (Applies to Password Expiry group.) Specifying this parameter includes disabled users in the group membership. |
| IncludeEntityTypes | Used only in Get-RolePermissionNames. This parameter retrieves the permission categories alongwith the permission name. |
| IncludeExcludeOUs | The distinguished name (DN) or globally unique identifier (GUID) of one or more organizational units to include in or exclude from expiration. The behavior of this setting depends on the value set for ExcludeOUs parameter. |
| IncludeManagerAsMember | Setting a True value includes each manager as a member of their direct reports group; so that, whenever an e-mail is sent to the direct reports group, their manager also receives a copy of it. (Applies to Managerial Dynasty only) If this setting is set to True, the manager will be included to the membership of direct reports on the next update of the dynasty. |
| IncludePasswordNeverExpireUsers | Specifying this parameter includes users whose password never expires in the group membership. Skipping this parameter excludes them from the group membership. (Applies to Password Expiry group) |
| IncludeRecipients | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more objects that you want to include statically in the group membership regardless of whether they are returned by the query. |
| InheritanceBehavior | Specifies whether Dynasty children should inherit attributes from their parent. The attributes that Dynasty children inherit are stored in the InheritedAttrs option, which can be viewed using the Get-Options commandlet. Values are: - 0 (Inherit selected attributes only on creation) - 1 (Always inherit selected attributes) - 3 (Never inherit selected attributes) |
| InheritedAttrs | One or more attributes of the parent Dynasty whose values you want its children to inherit at creation or when it is updated. |
| Initials | The initials of a user, contact or mailbox. |
| InlineImageFile | The path of the image file that you want to include in the e-mail notification. This image is included in the e-mail body; it is not sent as an attachment. |
| IsExpired | A True value of the parameter expires the group and a False value renews the group. This parameter does not work for Dynasty children since they expire with the parent. |
| IsPasswordExpiryGroup | Specifying this parameter creates a Password Expiry group. If skipped, a simple Smart Group will be created. |
| IsPasswordExpirySmartDL | Specifying this parameter is mandatory if you are updating a Password Expiry group. If this parameter is skipped, the group will be converted to a simple Smart Group. |
| IsPreciseSearch | If object types parameter is defined, IsPreciseSearch will force search results for those particular object types only. |
| IsSecurityGroupExpirationPluginEnabled | Set its value to True to enable the security group expiration feature. By default, it is set to False. |
J
| Parameter Name | Description |
|---|---|
| JobType | Type of the schedule (e.g. SmartGroup, GUS etc.). This parameter is used in some cmdlets to retrieve the schedules by job type. In New-Schedule, it is used to set the type of schedule. |
K
| Parameter Name | Description |
|---|---|
| KeepHistoryOption | Specifies the length of time to retain history records in the Directory Manager database. The default value 0 retains all history data of the actions specified by the ChangeTrackerActions setting. You can change it to any of the following values: - 1 (for 30 days) - 2 (for 60 days) - 3 (for 90 days) - 4 (for 120 days) - 5 (for 6 months) - 6 (for 1 year) - 7 (for 2 years) - 8 (for 5 years) The setting does not destroy the older history data. Rather, it exports the older data to an Excel file for later reference. This Excel file is created in the HistoryBin folder in the Directory Manager installation directory. Group Management Service performs the history data export. With every execution of the service, it checks the specified period against Keep History option for the domain and exports the older data to the Excel file (if found). |
| KeepUserHistory | It upgrades the history of the groups. |
| KeyMapAD | Specify the primary key for provider in external data source in Query Designer. |
| KeyMapDB | Specify the primary key for Database in external data source in Query Designer. |
| KillAtDurationEnd | The schedule job will be forced to terminate if it's still running at the end of its duration. |
L
| Parameter Name | Description |
|---|---|
| LastName | The last name of user, contact or mailbox. |
| LdapFilter | The LDAP search filter that defines your search criteria. This parameter stores your query. A Smart Group can dynamically build its membership according to the query associated with it. Similar to Smart Group, a Dynasty has the capability to dynamically build its membership according to the query associated with it. |
| LDAPSearchContainer | The container for the Sun ONE iPlanet data source. |
M
| Parameter Name | Description |
|---|---|
| MailEnabled | Specifies whether to create a mail-enabled user, contact or group (managed & unmanaged). Provide a True value for mail-enabled object, otherwise a non-mail-enabled object will be created. |
| MailBoxStore | Specifies which mailbox store will be used. |
| ManagedBy | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact or group (security groups only) that you want to set as the group owner or manager. Passing a blank value for this parameter will remove the manager. |
| Manager | Provide any of the following identity for the manager of the user: - Distinguished name (DN) - Globally unique identifier (GUID) - Comman-name (Cn) - Name - SamAccountName |
| MatchingCriteria | Used in Get-Schedule. Number of criteria (for example TriggerType and JobType) can be used to retrieve schedules, this parameter describes how to join the criteria by using Or and And. |
| MaximumMembersPerGroup | Specifies the maximum number of members that a group can hold. If this limit is reached, out-of-bounds configurations are applied to the group. |
| MaximumMembersToDisplay | The number of members to display for a group on the Members tab. |
| MaximumPasswordAge | The parameter has no effect on the group to be modified. |
| MaxItemsToDisplay | The maximum number of objects the commandlet should return. |
| MaxiumumAliasLength | This setting works if the ConfiguredExchange setting is set to 2. Its value is the maximum number of characters that an external e-mail alias can contain. The minimum value is 10. The default value is 64. |
| MaxSendSize | The maximum allowed e-mail message size in kilobytes (KB) that can be sent from the group. (Applies to Distribution groups only) |
| MembershipCountThreshold | Triggers an out-of-bound exception if the number for current or new membership exceeded than the specified number. |
| MembershipPercentageThreshold | Specifies that if out-of-bounds alerts are enabled, membership should stop if updation would cause this percentage of members change in the group and generate a notification to owners. |
| MessagingSystems | Applies when JobType is set to GUS. Use this parameter to specify the message systems for GUS job. This parameter and IncludeAllParameters cannot be applied both at the same time. |
| MinimumPasswordAge | The parameter has no effect on the group to be modified. |
| Mobile | Cell number of user, contact or mailbox. |
| MsExchCoManagedByLink (ExchangeAdditionalOwners can also be used as an alternate name of this parameter) | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more users that you want to set as Exchange additional owners. This setting applies only if Exchange Server 2010 is deployed in your environment. |
| MsExchRequireAuthToSendTo | Set its value to True if you want senders to be authenticated for sending e-mails. |
N
| Parameter Name | Description |
|---|---|
| Name | The name of the new organizational unit, group, query-based-distribution group or dynasty being created. Get-ImanamoCommand Gets information only about commandlets or command elements with the specified name. Wildcard search is also supported. |
| NewName | New name of an identity store or a schedule. |
| NewProfileValidationLifecycle | The number of days within which new users should validate their profiles. |
| Notes | Description text about a user, contact, group, or mailbox that appears on the General tab of their Properties dialog box. |
| NotificationSendingCriteria | When a notification for a scheduled job is to be sent. Possible values are: - Always - OnSuccess - OnFailure |
| NotifyAddedMembers | Notify objects when they are added to the membership of a group. |
| NotifyLoggedInUsers | Specify whether the logged in users should be notified for changes they make to directory objects using Admin Center, all portals created using Admin Center and Directory Manager Management Shell. This setting applies only to mail-enabled users. |
| NotifyModifiedObject | Specify whether to send email notification to an object (group, user, contact) being modified. For group, group members are notified. For contact and user, the particular contact or user is notified about the changes. |
| NotifyOptOutAdditionalOwners | Excludes some or all additional owners from receiving all expiry deletion and renewal notifications. |
| NotifyOwners | Specifies whether the to send notification emails to the primary and additional owners (for groups), and managers of users/contacts about changes made to the respective objects. |
| NotifyPublicGroupOwner | Specify whether to send email notifications to the primary and additional owners of a public group upon membership change. |
| NotifyUserGroupJoinMB | Specify whether to send email notification to users when they are added as additional owner or manager to the membership of a group. |
| NotifyUserGroupJoinML | Specify whether to send email notification to users when they are added in a group. |
| NotifyUserGroupLeaveMB | Specify whether to send email notification to users when they are removed as additional owner or manager of a group. |
| NotifyUserGroupLeaveML | Specify whether to send email notification to users when they are removed as member from a group. |
| Noun | Shows information about commandlets or command elements having the specified noun in their name. Wildcard search is also supported. |
| NumberofOwnersToDisplay | The maximum value that can be set for the DefaultNumberOfOwnersToDisplay parameter. 24 is the maximum. |
O
| Parameter Name | Description |
|---|---|
| Office | Office phone number of a user, contact or mailbox. |
| Operator | Same as RoleCriteriaOperator |
| Options | The list of options to be retrieved from the registry. |
| OrganizationalUnit | The distinguished name (DN) or globally unique identifier (GUID) of the container where you want to create a user, contact, group or mailbox. |
| OutOfBoundsAlertEnabled | Set to True to enable out-of-bound exceptions when group memberships change. Out-of-bound exceptions prevent massive changes from occurring to group memberships. When an out-of-bounds exception occurs, the group membership is not updated and the owner or administrator is notified via e-mail. If the owner or administrator determines that the change is valid they can update the group manually. |
| OutOfBoundsMinimum | This setting works in conjunction with OutOfBoundsPercentage. If both the percentage and the current membership or new membership exceeds the number specified for this parameter, an out-of-bounds exception will occur. The setting applies only if the OutOfBoundsAlertEnabled parameter is set to True. |
| OutOfBoundsPercentage | The out of bound percentage that is calculated by adding the number of members being added to the group and the number of recipients being removed from the membership and then dividing the result by the total number of new members. This setting works in conjunction with OutOfBoundsMinimum. If both the percentage and the OutOfBoundsMinimum limit is exceeded, an out-of-bounds exception will occur. The setting applies only if the OutOfBoundsAlertEnabled parameter is set to True. |
P
| Parameter Name | Description |
|---|---|
| P12CertificatePath | Specify the location of a P12 certificate file for a Google based identity store. Note that this parameter appears depending on the values of other parameters. |
| PageSize | The number of history records to show on a page on the History tab of the group Properties dialog box. |
| ParentContainer | The distinguished name (DN), globally unique identifier (GUID) or security identifier (SID) of the container where you want to create a new organizational unit. To create the container at root level, pass the DN of the domain as the value of the parameter. |
| Password | Password of SQL user name. |
| PasswordCenterSupportURL | The default URL of the online help for Password Center portals. This URL is set by default for all new portals created using Password Center. |
| PasswordExceptionOperation | The operation to perform on the values supplied in the PasswordExceptions parameter. |
| PasswordExceptions | Specifiy the password exceptions. This parameter accepts 2-Length arrays. First index contains the operator and the second index contains the value. Possible values for operator are: - Equals - Startswith - Endswith - Contains - Regexp Example: @('contains', 'password123') is a valid value |
| PasswordPortalUrl | Specify the Password Portal Url. |
| PasswordRuleOperation | The action to perform on the values supplied in the PasswordRules parameter. |
| PasswordRules | Specify the regular expressions (rules) for passwords. |
| PermissionOperation | The operation to perform on the Permissions parameter. |
| Permissions | Same as RolePermissions |
| Port | Specify the port number for the specified data source. |
| PowerTools | Include respective power tools to execute script in Query Designer of Smart Group. |
| ProfileValidationGroupDN | Specify the distinguished name of a group to apply profile validation on. |
| ProfileValidationReminderOperation | Specify the operation to perform on the value of the ProfileValidationReminders parameter. |
| ProfileValidationReminders | Specify the profile validation reminders. Values are supplied as 2-length array. The first index contains the name of reminder and the second index contains the number of days the reminder is sent to the user relative to the days left for the profile validation period to end. Example: @'first', 15) indicates a reminder named first with 15 days |
| Provider | Specify a provider for messaging server. The supported providers are: - Office 365 - GSuite - Exchange 2013 - Exchange 2016 - Exchange 2019 |
Q
| Parameter Name | Description |
|---|---|
| QuestionOperation | Specify the operation to perform on the SecurityQuestions parameter. |
| QueueEmail | Specifying this parameter sends the notification e-mail through Directory Manager Email Service. Email Service maintains a queue of all notifications to be sent by Directory Manager and ensures that they are delivered when the SMTP server is down. If this parameter is left out, the notification e-mail is sent directly without being added to the notification queue. Consequently, if the configured SMTP server is down, the e-mail is lost. Therefore, it is recommended that you use this parameter in every Send-Notification command. |
R
| Parameter Name | Description |
|---|---|
| Recipients | Specify recipients for the job completion email notifications. |
| RegularProfileValidationLifecycle | Specify the number of days for the profile validation life cycle period. |
| RejectMessagesFrom | The distinguished names (DN), globally unique identifiers (GUID) or samAccountNames of the mailbox users and mail-enabled contacts who are not allowed to send e-mail messages to the group. (Applies to Distribution groups only) |
| RejectMessagesFromGroup | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of one or more groups or users, the group is restricted to accept messages from. Separate multiple 0bjects with commas (,). (Applies to Distribution groups only.) |
| Remove | Set-User, Set-Contact, Set-Mailbox It will remove the values of specified attributes. |
Set-Group This setting applies to the AdditionalOwners parameter and lets you remove one or more additional owners for this group. The syntax in which the value is entered for this setting is: -Remove @{ AdditionalOwners = "Owner1","Owner2","Owner3"} -Remove @{ AcceptMessagesOnlyFrom = "User1","User2","User3"} -Remove @{ AcceptMessagesOnlyFromGroups = "Group1","Group2","Group3"} -Remove @{ RejectMessagesFrom = "User1","User2","User3"} -Remove @{ AcceptMessagesOnlyFrom = "Group1","Group2","Group3"} As the value of objects to be removed, the setting accepts all the identities supported by the AdditionalOwners parameter, which is the distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user contact, or security group. | |
| Set-SmartGroup, Convert-Group, Set-Dynasty This setting applies to the following multi-valued parameters and lets you remove one or more values from these parameters. Parameters and the syntax for their values follows: | |
| Parameter | |
| SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting) | |
| IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting) | |
| ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting) | |
AdditionalOwners | |
| Only Set-Dynasty has this attribute. | GroupBy |
| AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting) | |
| AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting) | |
| The setting accepts all the identities supported by the parameter as the value of objects for each parameter. For example, for the SearchContainer parameter, the setting can accept the DN and GUID of the domains or containers being searched for group members. | |
| Repeat | Repeats the trigger. |
| RepeatDuration | Applicable only when the Repeat parameter is applied. It specifies the duration in minutes during which the trigger will repeat. |
| RepeatInterval | Applicable only when the Repeat parameter is applied. It specifies the interval in minutes after which the trigger will start again. |
| Replace | Set-User, Set-Contact, Set-Mailbox It will replace the old value of attribute with newly specified value. |
- Set-Group This setting applies to the AdditionalOwners parameter and lets you entirely overwrite its existing values. The syntax in which the value is entered for this setting is: -Replace @{ AdditionalOwners = "Owner4","Owner5"} -Replace @{ AcceptMessagesOnlyFrom = "User4","User5"} -Replace @{ AcceptMessagesOnlyFromGroups = "Group4","Group5"} -Replace @{ RejectMessagesFrom = "User4","User5"} -Replace @{ AcceptMessagesOnlyFrom = "Group4","Group5"} As the value of replacing objects, the setting accepts all the identities supported by the AdditionalOwners parameter, which is the distinguished name (DN), globally unique identifier (GUID) or samAccountName of the user, contact, or security group. | |
| Set-SmartGroup, Convert-Group, Set-Dynasty This setting applies to the following multi-valued parameters and lets you entirely overwrite all of their existing values. Parameters and the syntax of their values follows: | |
| Parameter | |
| SearchContainers (StartPaths can be used as an alternative name of this parameter for this setting) | |
| IncludeRecipients (Includes can be used as an alternative name of this parameter for this setting) | |
| ExcludeRecipients (Excludes can be used as an alternative name of this parameter for this setting) | |
AdditionalOwners | |
| Only Set-Dynasty has this attribute. | GroupBy |
| AcceptMessagesOnlyFrom (AuthOrig can be used as an alternative name of this parameter for this setting) | |
| AcceptMessagesOnlyFromGroups (DLMemSubmitPerms can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFrom (UnauthOrig can be used as an alternative name of this parameter for this setting) | |
| RejectMessagesFromGroup (DLMemRejectPerms can be used as an alternative name of this parameter for this setting) | |
| The setting accepts all of the identities supported by the parameter as the value of objects for each parameter. For example, for the SearchContainer parameter, the setting can accept the DN and GUID of the domains or containers being searched for group members. | |
| ReportToManagerEnabled | Specify True to send non-delivery reports to the group owner or manager. The default value is False. |
| ReportToOriginatorEnabled | Specify True to send non-delivery reports to the message originator. The default value is False. |
| RestoreReplication | It will start the restore replication process. |
| RoleCriteriaDN | Specify the criteria for a role. The criteria can be a group or a container. - Group - users that are members of the specified group will be assigned this role. - Container - users who reside in the specified container will be assigned this role. |
| rolecriteriafilters | Specifies the filter criteria for a role. Values to this parameter are supplied as a 3-length array. - The first index contains the filter name which can be one of the 'name' or 'type' representing 'client name' and 'client type' respectively. - The second index contains the operator which can be either 'is exactly' or 'is not'. - The third index contains the value. It can either be the client type or client name, depending on the value in the first index. Example: @('name', 'is exactly', 'automate arslanahmadvm') is a valid filter criteria. However, @('client type', 'is not', 'managementshell') is not valid because the value at first index is not correct. |
| RoleCriteriaOperator | Specify the operator for criteria filters of a role. The operators can be And or Or |
| RoleCriteriaScope | Specify the scope for a role. This parameter can be used in conjunction with RoleCriteriaDN to change the role criteria scope from container to group and vice-versa. |
| RoleDescription | Description of an identity store security role. |
| RoleDisabled | If a new role is created using the Set-IdentityStore commandlet, the role is created as disabled in the identity store. |
| RoleName | Name of an identity store security role. |
| RoleNameToCopy | While creating a new role, specify the name of a role you want to make a copy of. The new role is created using the settings of this role. |
| RoleOperation | While modifying an identity store settings using the Set-IdentityStore commandlet, specify the action to perform on an identity store security role. Possible actions are: - Add - Remove - Remove all |
| RolePermissions | While modifying an identity store settings using the Set-IdentityStore commandlet, specify the permission(s) that are to be granted or denied to the security role. |
| RolePriority | Set a role priority by specifying a value in the range of 1-99. Role priority determines which role is higher than the other, where 1 indicates the highest priority and 99 indicates the lowest priority. |
| RoleReadonly | While modifying an identity store using the Set-IdentityStore commandlet, specify that the role is created as read-only. |
| RoleSystemOnly | While modifying an identity store using the Set-IdentityStore commandlet, specify that the role is created as system only. |
S
| Parameter Name | Description |
|---|---|
| SamAccountName | The logon name for the pre-Windows 2000 versions of operating systems. The value is limited to 24 characters only. |
| ScheduleName | Name of a schedule job to identify a schedule. The schedule job is displayed with this name against the Scheduling node in identity store configurations. |
| Script | The Smart Script for memberships update. The script should be written in Visual Basic .NET in a format recognized by Group Script Editor. Write the script in a separate file, instead of writing the complete script on the shell, and give the path of the script file using the ScriptFilePath setting. If while writing script using this setting, you must use a parameter's value that is enclosed in double-quotes (""), insert an apostrophe (') before every quotation mark. For example, #Region ' "Imanami Generated Code' ". |
| ScriptFilePath | The path to the script file containing Smart Script for memberships update. The script should be written in Visual Basic .NET (having .vb extension) in a format recognized by Group Script Editor. |
| SearchContainer | The distinguished name (DN) or globally unique identifier (GUID) of the domain or one or more containers in which to search for users, contact, group or dynasty members. |
| SearchContainersScopeList | This setting works in conjunction with the SearchContainer setting and sets the scope for the object search. Following are the possible values for this parameter: - 1 (Limits search to the container specified in the SearchContainer parameter and ignores the sub-containers.) - 2 (Searches the whole sub-tree, including the base container specified in the SearchContainer parameter and all its sub-containers. This is also the default setting for this parameter; therefore, if the search scope is not explicitly specified, this value is used.) Although the values are numerical, you must enclose them in double-quotes. For example: "1", "2". |
| SecurityQuestions | Adds a security question in an identity store. |
| SecurityToken | When you the Get-Token command, you get a value against Claims. Provide that value to this parameter. |
| SecurityType | The access level of the group: Private, Semi_Private and Public. If this parameter is not given, the group is created as Private. |
| SendEmail | Specify this parameter to send the password expiry e-mail notifications. The group must have an e-mail address and notifications must be configured. (Applies to Password Expiry group) |
| SendOofMessageToOriginatorEnabled | Specify True to enable the group to send Out-of-Office messages to e-mail senders. The default value is False. |
| SendToOwners | Sends job completion notifications to group owners and additional owners as well as to the other specified recipients. |
| Separator | Specifies a character to use in the display name and the alias to separate group-by values from the each other. |
| Server | The server name for the following data sources, if specified: - Microsoft SQL Driver (Name of the Microsoft SQL Server that contains the database you want to connect to) - Oracle (Name of the Oracle server that contains the database you want to connect to) - Lotus Notes (Name of the Lotus Notes server that contains the database you want to connect to) - Sun ONE iPlanet Driver (DNS name or IP address of SunONE server) |
| SetNotifications | Enables or disables notifications for a scheduled job. |
| ShouldReturnCollection | Specifying this parameter returns a single collection of objects containing all groups |
| SimpleDisplayName | The printable display name for an object. The printable display name is usually the combination of the user's first name, middle initial, and last name. |
| SmartDLNotes | The notes entered here are copied to all smart groups created using Automate. |
| SmartFilter | Adds a smart search filter that applies only on SmartGroups. The smart search filters are: - IsExpired - GroupExpiringIn - SecurityType - ExpirationPolicy. (Functional in Get-Group and Get-Smartgroup commandlets only) |
| SmartGroupType | The type of Smart Group that you want the commandlet to retrieve. Values of this parameter are: - SmartGroup - SmartDynasty Omitting this parameter retrieves both SmartGroups and Dynasties. |
| SmsGatewayName | The name of an SMS gateway. |
| SmtpPassword | This setting works in conjunction with the UseSmtpUserAuthentication, SmtpServer, SmtpUserName, SmtpPort and SmtpSSLEnabled settings and sets the password of the user account to be used for communicating with an external SMTP server. |
| SmtpPort | This setting works in conjunction with the SmtpServer setting and sets the port number to be used for communicating with an SMTP server. |
| SmtpServer | The fully qualified name or IP address of an SMTP server. Directory Manager will route messages through this server. |
| SmtpSSLEnabled | This setting works in conjunction with the SmtpServer, SmtpUserName, SmtpPassword, and SmtpPort settings. Enter True if the external SMTP server is SSL-enabled. |
| SmtpUserName | This setting works in conjunction with the UseSmtpUserAuthentication, SmtpServer, SmtpPassword and SmtpPort settings and sets the e-mail address of the user account to be used for communicating with an external SMTP server. |
| SQLServer | SQL server name on which database of previous Netwrix Directory Manager (formerly GroupID) version is hosted. |
| StartDate | Date from which membership will be started or revoked or removed. |
| SslEnabled | Specify that the SMTP server is SSL enabled. |
| StartTime | Time of the day at which the schedule is triggered. |
| State | The state for a user, contact or mailbox. |
| Storage | Filters the mailboxes to be returned. If specified, only mailboxes on the specified server or mailbox store (Exchange 2007-SP3 and later/2010/2013/2016) will be returned. Custom recipients, public folders and distribution lists are not affected by this filter. Typing an asterisk (*) as a value of this parameter searches all mailboxes on any server. |
| StoreDescription | Description of an identity store. |
| StoreEnabled | Enables or disables an identity store. |
| Subject | The subject of the e-mail notification. |
| Sun_Container | Specify distinguished name (DN) of a container in an external datasource (specifically Sun ONE iPlanet datasource) in Query Designer of a smart group. |
| SupportEmail | The e-mail address of the group or contact providing support to users of Password Center and Self-Service portals. This support e-mail address is set by default for all new portals created using Password Center and Self-Service. |
| SupportURL | The default URL of the online help for Self-Service portals. This URL is set by default for all new portals created using Self-Service. |
| SWAMobileAttribute | The name of the attribute used by Second Way Authentication via mobile. |
| SWAQuestions | The question for security questions based Second Way Authentication. The value to this parameter is supplied as 2-length arrays. The first index contains the question text and the second index contains the name of the attribute for that question. |
| SWAQuestionsOperation | The action to perform on the SWAQuestions parameter. |
| SWAuthenticationFactor | Number of authentication types enforced for the security role. |
| SWEmailAttribute | The name of the attribute used by Second Way Authentication via email. |
| SystemDSN | The System Data Source Name (DSN) to use as the data source, if the value of the DataSourceType parameter is ODBC Data Source. |
T
| Parameter Name | Description |
|---|---|
| TableorView | The table or view name if the value of the DataSourceType parameter is ODBC Data Source, Microsoft SQL Driver or Oracle. |
| TargetOperation | The actions to perform on targets. Possible values are: - Add - Remove |
| Targets | Provide the names of groups and containers the job will process as per the action provided in the TargetOperation parameter. |
| TemplateFile | The path of the template file that the commandlet should use for generating the e-mail contents. |
| Title | Title of a user, contact or mailbox. |
| ToEmail | Recipient of the email notification. |
| TopLevelOnly | Sets whether the search should return matches only from top-level dynasties or includes sub-level dynasties in the search as well. The default value 0 (zero) returns results from the complete hierarchy of dynasties. Specify the value 1 to return matches from only top-level dynasties. |
| TopManager | The distinguished name (DN), globally unique identifier (GUID) or samAccountName of the top-level manager. The commandlet constructs a Managerial Dynasty structure by creating a Smart Group for all direct reports to the selected top-level manager and continues down the Dynasty structure by creating SmartGroups for all direct reports to sublevel managers. (Applies to Managerial Dynasty) |
| TriggerId | Unique identity of a trigger. The ID can be retrieved from the Triggers property of Get-Schedule commandlet. |
| TriggerOperation | The actions to perform on the provided triggers . Possible actions are: - Add - Remove single by id - Remove by type - remove all |
| TriggerType | The trigger type while adding or removing triggers to/from a schedule. This parameter is also used to select a schedule with a particular trigger type. Possible trigger types are: - RunOnce - RunDaily - RunWeekly - RunMonthly - RunMonthlyDOW - OnIdle - OnSystemStart - OnLogon |
| Type | New-Group, New-Dynasty, New-SmartGroup, New-Dynasty, Convert-Group Specifies that the new group or dynasty will be used either for mail distribution (a Distribution group or dynasty) or for securing public folders or other resources (a Security group or Dynasty). Set-Group, Set-SmartGroup, Set-Dynasty The type of the group to be modified. The available types are: Distribution and Security. Add-GroupMember Perpetual, Temporary Member or Addition Pending Remove-GroupMember Removal Pending, Temporary Removed. If no type is given then it will be considered Perpetual remove. |
U
| Parameter Name | Description |
|---|---|
| UpdateChildren | The default value True forces Automate to update the children of a Dynasty when it updates the Dynasty itself. Set its value to False to disable this feature. |
| UpdateMembershipByManagerEnabled | A True value enables the group manager to update the group membership list. The default value is False. |
| Username | The name of the user that will be used for the execution of the commandlet in which it is mentioned. This parameter and the Credentials parameter cannot be used simultaneously in a commandlet. |
| UseSmtpUserAuthentication | Set its value to True to use SMTP authentication for communicating with the SMTP server. The default value is False. The authentication details are provided by the SmtpUserName, SmtpPassword, SmtpPort and SmtpSSLEnabled settings. |
| UseSmtpUserAuthentication | Specify if user authentication of SMTP server is to be used. |
V
| Parameter Name | Description |
|---|---|
| ValidationDateRemovalInterval | Specify the number of days since the last profile validation date. Directory Manager clears the validation date and the policies for new users are applied to this user. |
| Verb | Shows information about commandlets or command elements having the specified verb in their name. Wildcard search is also supported. |
W
| Parameter Name | Description |
|---|---|
| Weekdays | Specify the weekdays for the weekly triggers. Possible values are: - Sunday - Monday - Tuesday - Wednesday - Thursday - Friday - Saturday - AllDays |
| WeeksInterval | Specify weekly interval in weekly triggers i.e. number of weeks after which a scheduled job is repeated. |
| WhenGroupMembershipThresholdReach | Policy to apply when membership change threshold, specified in out-of-bounds configurations, is reached. Possible values are: - PreventUpdation - NestIntoChildGroups |
| WindowsAuthentication | Enables Windows Authentication mode for SQL Server. In Windows Authentication mode, administrators can enable users to log on to the SQL Server using their Windows credentials. |
| WindowsLoggingEvent | Set Directory Manager events for logging in a centralized event log named Imanami GroupID that can be viewed from the Windows Event Viewer. Possible events are: - FailureAudit - SuccessAudit - Info - Warn - Error |
X
| Parameter Name | Description |
|---|---|
| XDaysBeforeLeaveNotificationMB | Specify the number of days. The temporary additional owner / manager of a group receives a notification before the specified number of days he or she is removed as additional owner / manager. |
| XDaysBeforeLeaveNotificationML | Specify the number of days. The user receives a notification before the specified number of days he or she is removed from a group memberships. |
Y
| Parameter Name | Description |
|---|---|
| YearMonths | Specify the months of years for monthly triggers. Possible values are: - January - February - March - April - May - June - July - August - September - October - November - December - AllMonths |
Z
| Parameter Name | Description |
|---|---|
| Zip | The zip code for a user, contact or mailbox. |
Unsupported Parameters
Directory Manager Management Shell does not support common parameters of PowerShell in its commandlets. The common parameters are:
- Debug
- ErrorAction
- ErrorVariable
- InformationAction
- InformationVariable
- OutBuffer
- OutVariable
- PipelineVariable
- Verbose
- WarningAction
- WarningVariable
- Confirm
- WhatIf
- Write-Information
See the about_CommonParameters Microsoft article for details on these parameters.