diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index cf2a340140..4bb94ac773 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,13 +1,5 @@
-blank_issues_enabled: true
+blank_issues_enabled: false
contact_links:
- - name: What's the Quality Contributions Project?
- url: https://learn.microsoft.com/powershell/scripting/community/contributing/quality-improvements
- about: >-
- If you'd like to commit to improving quality for the documentation, before filing an issue,
- check the info and instructions.
- # - name: PowerShell Product Feedback
- # url: https://github.com/PowerShell/PowerShell/issues/new/choose
- # about: Please open feature requests for current PowerShell here.
- # - name: Support
- # url: https://learn.microsoft.com/powershell/scripting/community/community-support
- # about: PowerShell Support Questions/Help
+ - name: New feedback experience
+ url: https://learn.microsoft.com/office/new-feedback
+ about: We’re transitioning our feedback experience away from GitHub Issues. For more information, select Open.
diff --git a/.github/workflows/AutoLabelAssign.yml b/.github/workflows/AutoLabelAssign.yml
new file mode 100644
index 0000000000..1a30efad7c
--- /dev/null
+++ b/.github/workflows/AutoLabelAssign.yml
@@ -0,0 +1,35 @@
+name: Assign and label PR
+
+permissions:
+ pull-requests: write
+ contents: read
+ actions: read
+
+on:
+ workflow_run:
+ workflows: [Background tasks]
+ types:
+ - completed
+
+jobs:
+ download-payload:
+ name: Download and extract payload artifact
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+ with:
+ WorkflowId: ${{ github.event.workflow_run.id }}
+ OrgRepo: ${{ github.repository }}
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+ label-assign:
+ name: Run assign and label
+ needs: [download-payload]
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
+ with:
+ PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+ AutoAssignUsers: 1
+ AutoLabel: 1
+ ExcludedUserList: '["user1", "user2"]'
+ ExcludedBranchList: '["branch1", "branch2"]'
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/AutoLabelMsftContributor.yml b/.github/workflows/AutoLabelMsftContributor.yml
new file mode 100644
index 0000000000..7058a420cf
--- /dev/null
+++ b/.github/workflows/AutoLabelMsftContributor.yml
@@ -0,0 +1,34 @@
+name: Auto label Microsoft contributors
+
+permissions:
+ pull-requests: write
+ contents: read
+ actions: read
+
+on:
+ workflow_run:
+ workflows: [Background tasks]
+ types:
+ - completed
+
+jobs:
+ download-payload:
+ if: github.repository_visibility == 'public'
+ name: Download and extract payload artifact
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+ with:
+ WorkflowId: ${{ github.event.workflow_run.id }}
+ OrgRepo: ${{ github.repository }}
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+ label-msft:
+ name: Label Microsoft contributors
+ if: github.repository_visibility == 'public'
+ needs: [download-payload]
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod
+ with:
+ PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
+ TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}
diff --git a/.github/workflows/BackgroundTasks.yml b/.github/workflows/BackgroundTasks.yml
new file mode 100644
index 0000000000..c0389bb252
--- /dev/null
+++ b/.github/workflows/BackgroundTasks.yml
@@ -0,0 +1,26 @@
+name: Background tasks
+
+permissions:
+ pull-requests: write
+ contents: read
+
+on:
+ pull_request_target:
+
+jobs:
+ upload:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Save payload data
+ env:
+ PayloadJson: ${{ toJSON(github) }}
+ AccessToken: ${{ github.token }}
+ run: |
+ mkdir -p ./pr
+ echo $PayloadJson > ./pr/PayloadJson.json
+ sed -i -e "s/$AccessToken/XYZ/g" ./pr/PayloadJson.json
+ - uses: actions/upload-artifact@v4
+ with:
+ name: PayloadJson
+ path: pr/
diff --git a/.github/workflows/LiveMergeCheck.yml b/.github/workflows/LiveMergeCheck.yml
new file mode 100644
index 0000000000..56b79b4813
--- /dev/null
+++ b/.github/workflows/LiveMergeCheck.yml
@@ -0,0 +1,19 @@
+name: PR can merge into branch
+
+permissions:
+ pull-requests: write
+ statuses: write
+ contents: read
+
+on:
+ pull_request_target:
+ types: [opened, reopened, synchronize, edited]
+
+jobs:
+
+ live-merge:
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod
+ with:
+ PayloadJson: ${{ toJSON(github) }}
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/PrFileCount.yml b/.github/workflows/PrFileCount.yml
new file mode 100644
index 0000000000..95fcf5e1ed
--- /dev/null
+++ b/.github/workflows/PrFileCount.yml
@@ -0,0 +1,19 @@
+name: PR file count less than limit
+
+permissions:
+ pull-requests: write
+ statuses: write
+ contents: read
+
+on:
+ pull_request_target:
+ types: [opened, reopened, synchronize, labeled, unlabeled, edited]
+
+jobs:
+
+ file-count:
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod
+ with:
+ PayloadJson: ${{ toJSON(github) }}
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ProtectedFiles.yml b/.github/workflows/ProtectedFiles.yml
new file mode 100644
index 0000000000..769cd0aa14
--- /dev/null
+++ b/.github/workflows/ProtectedFiles.yml
@@ -0,0 +1,17 @@
+name: PR has no protected files
+
+permissions:
+ pull-requests: write
+ statuses: write
+ contents: read
+
+on: [pull_request_target]
+
+jobs:
+
+ protected-files:
+ uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod
+ with:
+ PayloadJson: ${{ toJSON(github) }}
+ secrets:
+ AccessToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/ContentOwners.txt b/ContentOwners.txt
new file mode 100644
index 0000000000..e44f0a60e3
--- /dev/null
+++ b/ContentOwners.txt
@@ -0,0 +1,9 @@
+
+# Each line is a file pattern followed by one or more owners.
+
+# Order is important! The last matching pattern has the most precedence.
+# So if a pull request only touches javascript files, only these owners
+# will be requested to review.
+
+/docset/ @roharwoo
+
diff --git a/TeamsAdmin.png b/TeamsAdmin.png
deleted file mode 100644
index 6f0bc278b0..0000000000
Binary files a/TeamsAdmin.png and /dev/null differ
diff --git a/cabgen-bootstrap.yml b/cabgen-bootstrap.yml
index 51843abfaa..6d83c662c5 100644
--- a/cabgen-bootstrap.yml
+++ b/cabgen-bootstrap.yml
@@ -5,10 +5,10 @@ pr: none # Disable pull request triggers.
resources:
repositories:
- - repository: templates
+ - repository: ReferenceAutomation
type: git
name: Content CI/ReferenceAutomation
ref: refs/heads/master
extends:
- template: PowerShell/cabgen.yml@templates
\ No newline at end of file
+ template: PowerShell/cabgen.yml@ReferenceAutomation
diff --git a/docset/docfx.json b/docset/docfx.json
index c6034818fa..dc6f5e5683 100644
--- a/docset/docfx.json
+++ b/docset/docfx.json
@@ -1,44 +1,52 @@
{
"build": {
"content": [
- { "files": [ "toc.yml" ], "src": "bread", "dest": "windows/bread" },
+ { "dest": "windows/bread", "files": [ "toc.yml" ], "src": "bread" },
- { "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2022-ps", "version": "WindowsServer2022-ps", "dest": "windows" },
- { "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2022-ps", "version": "WindowsServer2022-ps", "dest": "winserver2022-ps" },
- { "files": [ "**/*.yml" ], "exclude": [ "toc.yml" ], "src": "winserver2022-ps", "version": "WindowsServer2022-ps", "dest": "module" },
- { "files": [ "toc.yml" ], "src": "winserver2022-ps", "version": "WindowsServer2022-ps", "dest": "module/WindowsServer2022-ps" },
+ { "dest": "windows", "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2025-ps", "version": "WindowsServer2025-ps" },
+ { "dest": "winserver2025-ps", "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2025-ps", "version": "WindowsServer2025-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml", "**/About/*.md" ], "src": "winserver2025-ps", "version": "WindowsServer2025-ps" },
+ { "dest": "module/WindowsServer2025-ps", "files": [ "toc.yml" ], "src": "winserver2025-ps", "version": "WindowsServer2025-ps" },
- { "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2019-ps", "version": "WindowsServer2019-ps", "dest": "windows" },
- { "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2019-ps", "version": "WindowsServer2019-ps", "dest": "winserver2019-ps" },
- { "files": [ "**/*.yml" ], "exclude": [ "toc.yml" ], "src": "winserver2019-ps", "version": "WindowsServer2019-ps", "dest": "module" },
- { "files": [ "toc.yml" ], "src": "winserver2019-ps", "version": "WindowsServer2019-ps", "dest": "module/WindowsServer2019-ps" },
+ { "dest": "windows", "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2022-ps", "version": "WindowsServer2022-ps" },
+ { "dest": "winserver2022-ps", "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2022-ps", "version": "WindowsServer2022-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml", "**/About/*.md" ], "src": "winserver2022-ps", "version": "WindowsServer2022-ps" },
+ { "dest": "module/WindowsServer2022-ps", "files": [ "toc.yml" ], "src": "winserver2022-ps", "version": "WindowsServer2022-ps" },
- { "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2016-ps", "version": "WindowsServer2016-ps", "dest": "windows" },
- { "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2016-ps", "version": "WindowsServer2016-ps", "dest": "windows" },
- { "files": [ "**/*.yml" ], "exclude": [ "toc.yml" ], "src": "winserver2016-ps", "version": "WindowsServer2016-ps", "dest": "module" },
- { "files": [ "toc.yml" ], "src": "winserver2016-ps", "version": "WindowsServer2016-ps", "dest": "module/WindowsServer2016-ps" },
+ { "dest": "windows", "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2019-ps", "version": "WindowsServer2019-ps" },
+ { "dest": "winserver2019-ps", "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2019-ps", "version": "WindowsServer2019-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml", "**/About/*.md" ], "src": "winserver2019-ps", "version": "WindowsServer2019-ps" },
+ { "dest": "module/WindowsServer2019-ps", "files": [ "toc.yml" ], "src": "winserver2019-ps", "version": "WindowsServer2019-ps" },
- { "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2012-ps", "version": "winserver2012-ps", "dest": "windows" },
- { "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2012-ps", "version": "winserver2012-ps", "dest": "winserver2012-ps" },
- { "files": [ "**/*.yml" ], "exclude": [ "toc.yml" ], "src": "winserver2012-ps", "version": "winserver2012-ps", "dest": "module" },
- { "files": [ "toc.yml" ], "src": "winserver2012-ps", "version": "winserver2012-ps", "dest": "module/winserver2012-ps" },
+ { "dest": "windows", "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2016-ps", "version": "WindowsServer2016-ps" },
+ { "dest": "windows", "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2016-ps", "version": "WindowsServer2016-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml", "**/About/*.md" ], "src": "winserver2016-ps", "version": "WindowsServer2016-ps" },
+ { "dest": "module/WindowsServer2016-ps", "files": [ "toc.yml" ], "src": "winserver2016-ps", "version": "WindowsServer2016-ps" },
- { "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2012r2-ps", "version": "winserver2012r2-ps", "dest": "windows" },
- { "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2012r2-ps", "version": "winserver2012r2-ps", "dest": "winserver2012r2-ps" },
- { "files": [ "**/*.yml" ], "exclude": [ "toc.yml" ], "src": "winserver2012r2-ps", "version": "winserver2012r2-ps", "dest": "module" },
- { "files": [ "toc.yml" ], "src": "winserver2012r2-ps", "version": "winserver2012r2-ps", "dest": "module/winserver2012r2-ps" },
+ { "dest": "windows", "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2012-ps", "version": "winserver2012-ps" },
+ { "dest": "winserver2012-ps", "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2012-ps", "version": "winserver2012-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml", "**/About/*.md" ], "src": "winserver2012-ps", "version": "winserver2012-ps" },
+ { "dest": "module/winserver2012-ps", "files": [ "toc.yml" ], "src": "winserver2012-ps", "version": "winserver2012-ps" },
- { "files": [ "**/*.md" ], "src": "docs-conceptual/mdop", "version": "win-mdop2-ps", "dest": "mdop" },
- { "files": [ "toc.yml" ], "src": "docs-conceptual/mdop", "version": "win-mdop2-ps", "dest": "mdop/win-mdop2-ps" },
- { "files": [ "**/*.yml" ], "exclude": [ "toc.yml" ], "src": "mdop", "version": "win-mdop2-ps", "dest": "module" },
- { "files": [ "toc.yml" ], "src": "mdop", "version": "win-mdop2-ps", "dest": "module/win-mdop2-ps" },
+ { "dest": "windows", "files": [ "**/*.md" ], "src": "docs-conceptual/winserver2012r2-ps", "version": "winserver2012r2-ps" },
+ { "dest": "winserver2012r2-ps", "files": [ "toc.yml" ], "src": "docs-conceptual/winserver2012r2-ps", "version": "winserver2012r2-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml", "**/About/*.md" ], "src": "winserver2012r2-ps", "version": "winserver2012r2-ps" },
+ { "dest": "module/winserver2012r2-ps", "files": [ "toc.yml" ], "src": "winserver2012r2-ps", "version": "winserver2012r2-ps" },
- { "files": [ "**/*.md" ], "src": "virtual-directory-module", "dest": "module" }
+ { "dest": "mdop", "files": [ "**/*.md" ], "src": "docs-conceptual/mdop", "version": "win-mdop2-ps" },
+ { "dest": "mdop/win-mdop2-ps", "files": [ "toc.yml" ], "src": "docs-conceptual/mdop", "version": "win-mdop2-ps" },
+ { "dest": "module", "exclude": [ "toc.yml" ], "files": [ "**/*.yml" ], "src": "mdop", "version": "win-mdop2-ps" },
+ { "dest": "module/win-mdop2-ps", "files": [ "toc.yml" ], "src": "mdop", "version": "win-mdop2-ps" },
+
+ { "dest": "module", "files": [ "**/*.md" ], "src": "virtual-directory-module" }
],
"resource": [
{ "files": [ "**/*.png", "**/*.jpg" ], "exclude": [ "**/obj/**", "**/includes/**" ] }
],
"versions": {
+ "WindowsServer2025-ps": {
+ "dest": "winserver2025-ps"
+ },
"WindowsServer2022-ps": {
"dest": "winserver2022-ps"
},
@@ -66,14 +74,13 @@
"apiPlatform": "powershell",
"ROBOTS": "INDEX, FOLLOW",
"breadcrumb_path": "/powershell/windows/bread/toc.json",
- "ms.prod": "w10",
+ "ms.service": "windows-11",
"ms.topic": "managed-reference",
"ms.author": "jgerend",
"author": "JasonGerend",
"manager": "femila",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-powershell-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
+ "feedback_system": "Standard",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
@@ -84,7 +91,7 @@
"garycentric",
"AngelaMotherofDragons",
"dstrome",
- "v-dihans",
+ "v-dihans",
"sdwheeler",
"Stacyrch140",
"v-stsavell",
@@ -106,6 +113,14 @@
"https://authoring-docs-microsoft.poolparty.biz/devrel/56936876-97d9-45cc-ad1b-9d63320447c8",
"https://authoring-docs-microsoft.poolparty.biz/devrel/211bc889-ad71-4c77-b1cd-8ea0d02263f9"
],
+ "winserver2025-ps/**/*.md": [
+ "https://authoring-docs-microsoft.poolparty.biz/devrel/56936876-97d9-45cc-ad1b-9d63320447c8",
+ "https://authoring-docs-microsoft.poolparty.biz/devrel/56754133-c3c3-4a9f-af19-71bdbe19fccf"
+ ],
+ "winserver2025-ps/**/*.yml": [
+ "https://authoring-docs-microsoft.poolparty.biz/devrel/56936876-97d9-45cc-ad1b-9d63320447c8",
+ "https://authoring-docs-microsoft.poolparty.biz/devrel/56754133-c3c3-4a9f-af19-71bdbe19fccf"
+ ],
"winserver2022-ps/**/*.md": [
"https://authoring-docs-microsoft.poolparty.biz/devrel/56936876-97d9-45cc-ad1b-9d63320447c8",
"https://authoring-docs-microsoft.poolparty.biz/devrel/56754133-c3c3-4a9f-af19-71bdbe19fccf"
diff --git a/docset/docs-conceptual/winserver2016-ps/module-compatibility.md b/docset/docs-conceptual/winserver2016-ps/module-compatibility.md
index 29d3a1bc07..d8e2578a7d 100644
--- a/docset/docs-conceptual/winserver2016-ps/module-compatibility.md
+++ b/docset/docs-conceptual/winserver2016-ps/module-compatibility.md
@@ -1,9 +1,9 @@
---
description: This article lists the status of PowerShell 7 with Powershell modules published for other Microsoft products.
-ms.date: 06/05/2023
+ms.date: 02/07/2024
title: PowerShell 7 module compatibility
---
-# PowerShell 7 module compatibility
+# PowerShell 7 module compatibility in Windows Server 2016
This article contains a list of PowerShell modules published by Microsoft. These modules provide
management and support for various Microsoft products and services. They have been updated to work
diff --git a/docset/docs-conceptual/winserver2016-ps/toc.yml b/docset/docs-conceptual/winserver2016-ps/toc.yml
index d9017bd563..1c712f011c 100644
--- a/docset/docs-conceptual/winserver2016-ps/toc.yml
+++ b/docset/docs-conceptual/winserver2016-ps/toc.yml
@@ -1,5 +1,5 @@
items:
- name: Windows PowerShell
href: get-started.md
- - name: PowerShell 7 compatibility
+ - name: PowerShell 7 compatibility in Windows Server 2016
href: module-compatibility.md
\ No newline at end of file
diff --git a/docset/docs-conceptual/winserver2019-ps/module-compatibility.md b/docset/docs-conceptual/winserver2019-ps/module-compatibility.md
index 29d3a1bc07..fbb04d8773 100644
--- a/docset/docs-conceptual/winserver2019-ps/module-compatibility.md
+++ b/docset/docs-conceptual/winserver2019-ps/module-compatibility.md
@@ -3,7 +3,7 @@ description: This article lists the status of PowerShell 7 with Powershell modul
ms.date: 06/05/2023
title: PowerShell 7 module compatibility
---
-# PowerShell 7 module compatibility
+# PowerShell 7 module compatibility in Windows Server 2019
This article contains a list of PowerShell modules published by Microsoft. These modules provide
management and support for various Microsoft products and services. They have been updated to work
diff --git a/docset/docs-conceptual/winserver2019-ps/toc.yml b/docset/docs-conceptual/winserver2019-ps/toc.yml
index d9017bd563..50463bfac7 100644
--- a/docset/docs-conceptual/winserver2019-ps/toc.yml
+++ b/docset/docs-conceptual/winserver2019-ps/toc.yml
@@ -1,5 +1,5 @@
items:
- name: Windows PowerShell
href: get-started.md
- - name: PowerShell 7 compatibility
+ - name: PowerShell 7 compatibility in Windows Server 2019
href: module-compatibility.md
\ No newline at end of file
diff --git a/docset/docs-conceptual/winserver2022-ps/get-started.md b/docset/docs-conceptual/winserver2022-ps/get-started.md
index 8f42ff39ac..6583609ba7 100644
--- a/docset/docs-conceptual/winserver2022-ps/get-started.md
+++ b/docset/docs-conceptual/winserver2022-ps/get-started.md
@@ -1,16 +1,16 @@
---
-description: Use this topic to help manage Windows 10 and Windows Server 2022 technologies with Windows PowerShell.
-ms.date: 03/29/2021
-title: Windows 10 and Windows Server 2019
+description: Use this topic to help manage Windows 11 and Windows Server 2022 technologies with Windows PowerShell.
+ms.date: 02/07/2024
+title: Windows 11 and Windows Server 2022
---
-# Windows 10 and Windows Server 2022
+# Windows 11 and Windows Server 2022
-This topic lists the Windows PowerShell modules included with Windows Server 2022 and Windows 10.
+This topic lists the Windows PowerShell modules included with Windows Server 2022 and Windows 11.
The Windows PowerShell modules in the list support automating the features of those versions of the
Windows operating system and provide links to the cmdlet references for each module. These modules
enable you to use Windows PowerShell to administer, maintain, configure, and develop new features
-for Windows Server 2019 and Windows 10.
+for Windows Server 2022 and Windows 11.
The table below also shows the latest published version of the Help for each module. The Help is
available through the links below, or as Updatable Help files. Updatable Help was introduced with
diff --git a/docset/docs-conceptual/winserver2022-ps/module-compatibility.md b/docset/docs-conceptual/winserver2022-ps/module-compatibility.md
index 7a7ae20384..87f9146fd9 100644
--- a/docset/docs-conceptual/winserver2022-ps/module-compatibility.md
+++ b/docset/docs-conceptual/winserver2022-ps/module-compatibility.md
@@ -1,9 +1,9 @@
---
description: This article lists the status of PowerShell 7 with Powershell modules published for other Microsoft products.
-ms.date: 06/05/2023
+ms.date: 02/07/2024
title: PowerShell 7 module compatibility
---
-# PowerShell 7 module compatibility
+# PowerShell 7 module compatibility in Windows Server 2022
This article contains a list of PowerShell modules published by Microsoft. These modules provide
management and support for various Microsoft products and services. They have been updated to work
diff --git a/docset/docs-conceptual/winserver2022-ps/toc.yml b/docset/docs-conceptual/winserver2022-ps/toc.yml
index d9017bd563..916022e44b 100644
--- a/docset/docs-conceptual/winserver2022-ps/toc.yml
+++ b/docset/docs-conceptual/winserver2022-ps/toc.yml
@@ -1,5 +1,5 @@
items:
- name: Windows PowerShell
href: get-started.md
- - name: PowerShell 7 compatibility
+ - name: PowerShell 7 compatibility in Windows Server 2022
href: module-compatibility.md
\ No newline at end of file
diff --git a/docset/docs-conceptual/winserver2025-ps/get-started.md b/docset/docs-conceptual/winserver2025-ps/get-started.md
new file mode 100644
index 0000000000..cc21136f0a
--- /dev/null
+++ b/docset/docs-conceptual/winserver2025-ps/get-started.md
@@ -0,0 +1,145 @@
+---
+description: Use this topic to help manage Windows 11 and Windows Server 2025 technologies with Windows PowerShell.
+ms.date: 02/07/2024
+title: Windows 11 and Windows Server 2025 (preview)
+---
+
+# Windows 11 and Windows Server 2025 (preview)
+
+This topic lists the Windows PowerShell modules included with Windows Server 2025 and Windows 11.
+The Windows PowerShell modules in the list support automating the features of those versions of the
+Windows operating system and provide links to the cmdlet references for each module. These modules
+enable you to use Windows PowerShell to administer, maintain, configure, and develop new features
+for Windows Server 2025 and Windows 11.
+
+The table below also shows the latest published version of the Help for each module. The Help is
+available through the links below, or as Updatable Help files. Updatable Help was introduced with
+Windows PowerShell 3.0 and enables you to have the latest Help topics available locally on your
+computer. For more information, see
+[about_Updatable_Help](/powershell/module/microsoft.powershell.core/about/about_updatable_help).
+
+| Module name | Title and link to Web version |
+| - | - |
+| ActiveDirectory | [Active Directory Domain Services Administration](/powershell/module/activedirectory) |
+| ADCSAdministration | [Active Directory Certificate Services Administration](/powershell/module/adcsadministration) |
+| ADCSDeployment | [Active Directory Certificate Services Deployment](/powershell/module/adcsdeployment) |
+| ADDSDeployment | [Active Directory Domain Services Deployment](/powershell/module/addsdeployment) |
+| ADFS | [Active Directory Federation Services](/powershell/module/adfs) |
+| ADRMSAdmin | [Active Directory Rights Management Services Administration](/powershell/module/adrmsadmin) |
+| ADRMS | [Active Directory Rights Management Services Deployment](/powershell/module/adrms) |
+| AppBackgroundTask | [App Background Task](/powershell/module/appbackgroundtask) |
+| AppLocker | [AppLocker](/powershell/module/applocker) |
+| AppvClient | [App-V Client](/powershell/module/appvclient) |
+| AppvSequencer | [App-V Sequencer](/powershell/module/appvsequencer) |
+| Appx | [Appx](/powershell/module/appx) |
+| AssignedAccess | [Assigned Access](/powershell/module/assignedaccess) |
+| BestPractices | [Best Practices Analyser](/powershell/module/bestpractices) |
+| BitLocker | [BitLocker](/powershell/module/bitlocker) |
+| BitsTransfer | [Background Intelligent Transfer Service](/powershell/module/bitstransfer) |
+| BootEventCollector | [Boot Event Collector](/powershell/module/booteventcollector) |
+| BranchCache | [Branch Cache](/powershell/module/branchcache) |
+| ClusterAwareUpdating | [Cluster Aware Updating](/powershell/module/clusterawareupdating) |
+| ConfigCI | [Code Integrity](/powershell/module/configci) |
+| DcbQos | [Data Center Bridging Quality of Service](/powershell/module/dcbqos) |
+| Deduplication | [Data Deduplication](/powershell/module/deduplication) |
+| Defender | [Windows Defender](/powershell/module/defender) |
+| DeviceHealthAttestion | [Device Health Attestation](/powershell/module/devicehealthattestation) |
+| Dfsn | [Distributed File System (DFS) Namespaces](/powershell/module/dfsn/) |
+| Dfsr | [DFS Replication](/powershell/module/dfsr) |
+| DHCPServer | [DHCP Server](/powershell/module/dhcpserver) |
+| DirectAccessClientComponent | [Direct Access client](/powershell/module/directaccessclientcomponents) |
+| DISM | [DISM](/powershell/module/dism) |
+| DNSClient | [DNS client](/powershell/module/dnsclient) |
+| DNSServer | [DNS Server](/powershell/module/dnsserver) |
+| EventTracingManagement | [EventTracingManagement](/powershell/module/eventtracingmanagement) |
+| FailoverClusters | [Failover clusters](/powershell/module/failoverclusters) |
+| FileServerResourceManager | [File Server Resource Manager](/powershell/module/fileserverresourcemanager) |
+| GroupPolicy | [Group Policy](/powershell/module/grouppolicy) |
+| HardwareCertification | [Hardware Certification](/powershell/module/hardwarecertification) |
+| HgsAttestation | [Host Guardian Service Attestation](/powershell/module/hgsattestation) |
+| HgsClient | [Host Guardian Service Client](/powershell/module/hgsclient) |
+| HgsDiagnostics | [Host Guardian Service Diagnostics](/powershell/module/hgsdiagnostics) |
+| HgsKeyProtection | [Host Guardian Service Key Protection](/powershell/module/hgskeyprotection) |
+| HgsServer | [Host Guardian Service Server](/powershell/module/hgsserver) |
+| HostComputeService | [Containers](/powershell/module/hostcomputeservice)|
+| HNVDiagnostics | [HNV Diagnostics](/powershell/module/hnvdiagnostics) |
+| Hyper-V | [Hyper-V](/powershell/module/hyper-v) |
+| IISAdministration | [IIS Administration](/powershell/module/iisadministration) |
+| International | [International](/powershell/module/international) |
+| IpamServer | [IP Address Management Server](/powershell/module/ipamserver) |
+| Iscsi | [iSCSI](/powershell/module/iscsi) |
+| IscsiTarget | [iSCSI Target](/powershell/module/iscsitarget) |
+| KDS | [Key Distribution Server](/powershell/module/kds) |
+| MMAgent | [Memory Management Agent](/powershell/module/mmagent) |
+| Mpio | [MPIO](/powershell/module/mpio) |
+| MSDTC | [Distributed Transaction Coordinator](/powershell/module/msdtc) |
+| Msmq | [MSMQ](/powershell/module/msmq) |
+| Multipoint | [MultiPoint Services](/powershell/module/multipoint) |
+| MultiPointVdi | [Multipoint VDI](/powershell/module/multipointvdi) |
+| NanoServerImageGenerator | [Nano Server Image Generator](/powershell/module/nanoserverimagegenerator) |
+| NetLldpAgent | [NetLldpAgent](/powershell/module/netlldpagent) |
+| NetAdapter | [Network Adapter](/powershell/module/netadapter) |
+| NetConnection | [Network connection](/powershell/module/netconnection) |
+| NetEventPacketCapture | [Network Event Packet Capture](/powershell/module/neteventpacketcapture) |
+| NetLbfo | [NIC Teaming](/powershell/module/netlbfo) |
+| NetNat | [Network Address Translation](/powershell/module/netnat) |
+| NetQoS | [Quality of Service](/powershell/module/netqos) |
+| NetSecurity | [Network security](/powershell/module/netsecurity) |
+| NetTCPIP | [TCP/IP](/powershell/module/nettcpip) |
+| NetWNV | [Network Virtualization](/powershell/module/netwnv) |
+| NetworkConnectivityStatus | [Network connectivity status](/powershell/module/networkconnectivitystatus) |
+| NetworkController | [Network Controller](/powershell/module/networkcontroller) |
+| NetworkControllerDiagnostics | [Network Controller diagnostics](/powershell/module/networkcontrollerdiagnostics) |
+| NetworkLoadBalancingClusters | [Network Load Balancing Clusters](/powershell/module/networkloadbalancingclusters) |
+| NetworkSwitchManager | [Network Switch Manager](/powershell/module/networkswitchmanager) |
+| NetSwitchTeam | [Network Switch Team](/powershell/module/netswitchteam) |
+| NetworkTransition | [Network Transition](/powershell/module/networktransition) |
+| NFS | [Network File System](/powershell/module/nfs) |
+| NPS | [Network Policy Server](/powershell/module/nps) |
+| PCSVDevice | [Physical Computer System View device](/powershell/module/pcsvdevice) |
+| PKIClient | [Public Key Infrastructure](/powershell/module/pki) |
+| PlatformIdentifier | [Platform Identifier](/powershell/module/platformidentifier) |
+| PnpDevice | [Plug and Play](/powershell/module/pnpdevice) |
+| PrintManagement | [Print management](/powershell/module/printmanagement) |
+| ProcessMitigations | [Process Mitigations](/powershell/module/processmitigations) |
+| RemoteAccess | [Remote access](/powershell/module/remoteaccess/) |
+| RemoteDesktop | [Remote Desktop](/powershell/module/remotedesktop) |
+| RemoteDesktopServices | [Remote Desktop Services](/powershell/module/remotedesktopservices) |
+| ScheduledTasks | [Scheduled Tasks](/powershell/module/scheduledtasks) |
+| SecureBoot | [Secure Boot](/powershell/module/secureboot) |
+| ServerCore | [Server Core](/powershell/module/servercore) |
+| ServerManager | [Server Manager](/powershell/module/servermanager) |
+| ServerManagerTasks | [Server Manager tasks](/powershell/module/servermanagertasks) |
+| ShieldedVMDataFile | [Shielded Virtual Machine data file](/powershell/module/shieldedvmdatafile) |
+| ShieldedVMProvisioning | [Shielded Virtual Machine provisioning](/powershell/module/shieldedvmcmdlets/) |
+| ShieldedVMTemplate | [Shielded Virtual Machine template](/powershell/module/shieldedvmtemplate) |
+| SmbShare | [SmbShare share](/powershell/module/smbshare) |
+| SmbWitness | [SMB Witness](/powershell/module/smbwitness) |
+| SMISConfig | [SMIS Config](/powershell/module/smisconfig) |
+| SoftwareInventoryLogging | [Software Inventory Logging](/powershell/module/softwareinventorylogging) |
+| StartLayout | [Start Layout](/powershell/module/startlayout) |
+| Storage | [Storage](/powershell/module/storage) |
+| StorageQoS | [Storage QoS](/powershell/module/storageqos) |
+| StorageReplica | [Storage Replica](/powershell/module/storagereplica) |
+| SyncShare | [Sync Share](/powershell/module/syncshare) |
+| TCPIP | [TCPIP](/powershell/module/nettcpip)
+| TLS | [TLS](/powershell/module/tls) |
+| TroubleshootingPack | [Troubleshooting Pack](/powershell/module/troubleshootingpack) |
+| TrustedPlatformModule | [Trusted Platform Module](/powershell/module/trustedplatformmodule) |
+| UpdateServices | [Windows Server Update Services](/powershell/module/updateservices/) |
+| UserAccessLogging | [User Access Logging](/powershell/module/useraccesslogging/) |
+| UEV | [User Experience Virtualization](/powershell/module/uev) |
+| VAMT | [Volume Activation Management Tool](/powershell/module/vamt) |
+| VpnClient | [VPN client](/powershell/module/vpnclient) |
+| WDAC | [Windows Data Access Components](/powershell/module/wdac) |
+| WebAdministration | [Web Administration](/powershell/module/webadministration) |
+| WebApplicationProxy | [Web Application Proxy](/powershell/module/webapplicationproxy) |
+| WDS | [Windows Deployment Services](/powershell/module/wds) |
+| WHEA | [Windows Hardware Error Architecture](/powershell/module/whea) |
+| WindowsDevLic | [Windows Developer License](/powershell/module/windowsdeveloperlicense) |
+| WindowsErrorReporting | [Windows Error Reporting](/powershell/module/windowserrorreporting) |
+| WindowsSearch | [Windows Search](/powershell/module/windowssearch) |
+| WindowsServerBackup | [Windows Server Backup](/powershell/module/windowsserverbackup) |
+| WindowsUpdate | [Windows Update](/powershell/module/windowsupdate) |
+
+You can also find these modules by searching the [PowerShell Module Browser](/powershell/module/).
diff --git a/docset/docs-conceptual/winserver2025-ps/module-compatibility.md b/docset/docs-conceptual/winserver2025-ps/module-compatibility.md
new file mode 100644
index 0000000000..97a146a4fd
--- /dev/null
+++ b/docset/docs-conceptual/winserver2025-ps/module-compatibility.md
@@ -0,0 +1,214 @@
+---
+description: This article lists the status of PowerShell 7 with Powershell modules published for other Microsoft products.
+ms.date: 02/07/2024
+title: PowerShell 7 module compatibility in Windows Server 2025
+---
+# PowerShell 7 module compatibility in Windows Server 2025
+
+This article contains a list of PowerShell modules published by Microsoft. These modules provide
+management and support for various Microsoft products and services. They have been updated to work
+natively with PowerShell 7, or tested for compatibility with PowerShell 7. This list will be updated
+with new information as more modules are identified and tested.
+
+If you have information to share or issues with specific modules, please submit feedback in the
+Windows Feedback Hub. For more information, see
+[Send feedback to Microsoft with the Feedback Hub app][06].
+
+## Windows management modules
+
+The Windows management modules are installed in different ways, dependent on the Edition of Windows,
+and how the module was packaged for that Edition.
+
+On Windows Server, use the feature name with the [Install-WindowsFeature][05] cmdlet as an
+Administrator. For example:
+
+```powershell
+Install-WindowsFeature -Name ActiveDirectory
+```
+
+On Windows 10, the Windows management modules are made available as **Windows Optional Features** or
+**Windows Capabilities**. The following commands must be run from an elevated session using **Run as
+administrator**.
+
+- For Windows Optional Features
+
+ To get a list of Optional Features, run the following command:
+
+ ```powershell
+ Get-WindowsOptionalFeature -Online
+ ```
+
+ To install the feature:
+
+ ```powershell
+ Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell
+ ```
+
+ For more information see:
+
+ - [Get-WindowsOptionalFeature][04]
+ - [Enable-WindowsOptionalFeature][02]
+
+- For Windows Capabilities
+
+ To get a list of Windows Capabilities, run the following command:
+
+ ```powershell
+ Get-WindowsCapability -online
+ ```
+
+ Notice that the name of the capability package ends with `~~~~0.0.1.0`. You must use the full name
+ to install the capability:
+
+ ```powershell
+ Add-WindowsCapability -Online -Name Rsat.ServerManager.Tools~~~~0.0.1.0
+ ```
+
+ For more information see:
+
+ - [Get-WindowsCapability][03]
+ - [Add-WindowsCapability][01]
+
+### Module list
+
+| Module name | Status | Supported OS |
+| ---------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------- |
+| ActiveDirectory | Natively Compatible | Windows Server 1809+ with RSAT-AD-PowerShell Windows 10 1809+ with Rsat.ActiveDirectory.DS-LDS.Tools |
+| ADDSDeployment | Works with Compatibility Layer | Windows Server 2019 1809+ |
+| ADFS | Untested with Compatibility Layer | |
+| AppBackgroundTask | Natively Compatible | Windows 10 1903+ |
+| AppLocker | Untested with Compatibility Layer | |
+| AppvClient | Untested with Compatibility Layer | |
+| Appx | Natively Compatible** | Windows Server 1809+ Windows 10 1809+ **Must use Compatibility Layer with PowerShell 7.1 |
+| AssignedAccess | Natively Compatible | Windows 10 1809+ |
+| BestPractices | Not Supported by Compatibility Layer | |
+| BitLocker | Natively Compatible | Windows Server 1809+ with BitLocker Windows 10 1809+ |
+| BitsTransfer | Natively Compatible | Windows Server 20H1 Windows 10 20H1 |
+| BootEventCollector | Untested with Compatibility Layer | |
+| BranchCache | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| CimCmdlets | Natively Compatible | Built into PowerShell 7 |
+| ClusterAwareUpdating | Untested with Compatibility Layer | |
+| ConfigCI | Untested with Compatibility Layer | |
+| Defender | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| DeliveryOptimization | Natively Compatible | Windows Server 1903+ Windows 10 1903+ |
+| DFSN | Natively Compatible | Windows Server 1809+ with FS-DFS-Namespace Windows 10 1809+ with Rsat.FailoverCluster.Management.Tools |
+| DFSR | Untested with Compatibility Layer | |
+| DhcpServer | Untested with Compatibility Layer | |
+| DirectAccessClientComponents | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| Dism | Natively Compatible | Windows Server 1903+ Windows 10 1903+ |
+| DnsClient | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| DnsServer | Natively Compatible | Windows Server 1809+ with DNS or RSAT-DNS-Server Windows 10 1809+ with Rsat.Dns.Tools |
+| EventTracingManagement | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| FailoverClusters | Untested with Compatibility Layer | |
+| FailoverClusterSet | Untested with Compatibility Layer | |
+| FileServerResourceManager | Natively Compatible | Windows Server 1809+ with FS-Resource-Manager |
+| GroupPolicy | Untested with Compatibility Layer | |
+| HgsClient | Natively Compatible | Windows Server 1903+ with Hyper-V or RSAT-Shielded-VM-Tools Windows 10 1903+ with Rsat.Shielded.VM.Tools |
+| HgsDiagnostics | Natively Compatible | Windows Server 1809+ with Hyper-V or RSAT-Shielded-VM-Tools Windows 10 1809+ with Rsat.Shielded.VM.Tools |
+| Hyper-V | Natively Compatible | Windows Server 1809+ with Hyper-V-PowerShell Windows 10 1809+ with Microsoft-Hyper-V-Management-PowerShell |
+| IISAdministration | Untested with Compatibility Layer | |
+| International | Natively Compatible | Windows Server 1903+ Windows 10 1903+ |
+| IpamServer | Untested with Compatibility Layer | |
+| iSCSI | Untested with Compatibility Layer | |
+| IscsiTarget | Untested with Compatibility Layer | |
+| ISE | Untested with Compatibility Layer | |
+| Kds | Natively Compatible | Windows Server 20H1 Windows 10 20H1 |
+| Microsoft.PowerShell.Archive | Natively Compatible | Built into PowerShell 7 |
+| Microsoft.PowerShell.Diagnostics | Natively Compatible | Built into PowerShell 7 |
+| Microsoft.PowerShell.Host | Natively Compatible | Built into PowerShell 7 |
+| Microsoft.PowerShell.LocalAccounts | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| Microsoft.PowerShell.Management | Natively Compatible | Built into PowerShell 7 |
+| Microsoft.PowerShell.ODataUtils | Untested with Compatibility Layer | |
+| Microsoft.PowerShell.Security | Natively Compatible | Built into PowerShell 7 |
+| Microsoft.PowerShell.Utility | Natively Compatible | Built into PowerShell 7 |
+| Microsoft.WSMan.Management | Natively Compatible | Built into PowerShell 7 |
+| MMAgent | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| MPIO | Natively Compatible | Windows Server 1809+ with Multipath-IO |
+| MsDtc | Untested with Compatibility Layer | |
+| NetAdapter | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetConnection | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetEventPacketCapture | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetLbfo | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetLldpAgent | Untested with Compatibility Layer | |
+| NetNat | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetQos | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetSecurity | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetSwitchTeam | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetTCPIP | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetWNV | Untested with Compatibility Layer | |
+| NetworkConnectivityStatus | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetworkController | Untested with Compatibility Layer | |
+| NetworkControllerDiagnostics | Untested with Compatibility Layer | |
+| NetworkLoadBalancingClusters | Untested with Compatibility Layer | |
+| NetworkSwitchManager | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NetworkTransition | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| NFS | Natively Compatible | Windows Server 1809+ Windows 10 1809+ with Rsat.ServerManager.Tools |
+| PackageManagement | Natively Compatible | Built into PowerShell 7 |
+| PcsvDevice | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| PersistentMemory | Untested with Compatibility Layer | |
+| PKI | Untested with Compatibility Layer | |
+| PnpDevice | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| PowerShellGet | Natively Compatible | Built into PowerShell 7 |
+| PrintManagement | Natively Compatible | Windows Server 1903+ with Print-Services Windows 10 1903+ |
+| ProcessMitigations | Natively Compatible | Windows Server 1903+ Windows 10 1903+ |
+| Provisioning | Untested with Compatibility Layer | |
+| PSDesiredStateConfiguration | Partially | Built into PowerShell 7 |
+| PSDiagnostics | Natively Compatible | Built into PowerShell 7 |
+| PSScheduledJob | Not Supported by Compatibility Layer | Built into PowerShell 5.1 |
+| PSWorkflow | Untested with Compatibility Layer | |
+| PSWorkflowUtility | Untested with Compatibility Layer | |
+| RemoteAccess | Untested with Compatibility Layer | |
+| RemoteDesktop | Untested with Compatibility Layer | |
+| ScheduledTasks | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| SecureBoot | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| ServerCore | Untested with Compatibility Layer | |
+| ServerManager | Natively Compatible | Windows Server 1809+ Windows 10 1809+ with Rsat.ServerManager.Tools _See notes below_ |
+| ServerManagerTasks | Untested with Compatibility Layer | |
+| ShieldedVMDataFile | Natively Compatible | Windows Server 1903+ with RSAT-Shielded-VM-Tools Windows 10 1903+ with Rsat.Shielded.VM.Tools |
+| ShieldedVMProvisioning | Natively Compatible | Windows Server 1809+ with HostGuardian Windows 10 1809+ with HostGuardian |
+| ShieldedVMTemplate | Natively Compatible | Windows Server 1809+ with RSAT-Shielded-VM-Tools Windows 10 1809+ with Rsat.Shielded.VM.Tools |
+| SmbShare | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| SmbWitness | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| SMISConfig | Natively Compatible | Windows Server 1903+ with WindowsStorageManagementService |
+| SMS | Untested with Compatibility Layer | |
+| SoftwareInventoryLogging | Natively Compatible | Windows Server 1809+ |
+| StartLayout | Natively Compatible | Windows Server 1809+ with Desktop Experience Windows 10 1809+ |
+| Storage | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| StorageBusCache | Untested with Compatibility Layer | |
+| StorageMigrationService | Untested with Compatibility Layer | |
+| StorageQOS | Natively Compatible | Windows Server 1809+ with RSAT-Clustering-PowerShell Windows 10 1809+ with Rsat.FailoverCluster.Management.Tools |
+| StorageReplica | Untested with Compatibility Layer | |
+| SyncShare | Natively Compatible | Windows Server 1809+ with FS-SyncShareService |
+| SystemInsights | Untested with Compatibility Layer | |
+| TLS | Untested with Compatibility Layer | |
+| TroubleshootingPack | Natively Compatible | Windows 10 1903+ |
+| TrustedPlatformModule | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| UEV | Natively Compatible | Windows Server ??Future version of Server with Desktop Experience?? Windows 10 1903+ |
+| UpdateServices | Not Supported by Compatibility Layer | |
+| VpnClient | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| Wdac | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| WebAdministration | Untested with Compatibility Layer | |
+| WHEA | Natively Compatible | Windows Server 1903+ Windows 10 1903+ |
+| WindowsDeveloperLicense | Natively Compatible | Windows Server 1809+ with Desktop Experience Windows 10 1809+ |
+| WindowsErrorReporting | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| WindowsSearch | Natively Compatible | Windows 10 1903+ |
+| WindowsServerBackup | Natively Compatible | Windows Server 19H2 with Windows-Server-Backup |
+| WindowsUpdate | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+| WindowsUpdateProvider | Natively Compatible | Windows Server 1809+ Windows 10 1809+ |
+
+## Notes
+
+### ServerManager module
+
+This module has some minor compatibility issues with formatted output in PowerShell 7. For example,
+the `Get-WindowsFeature` cmdlet returns the proper object with all properties, but the default
+display formatting makes some properties appear to be empty. The actual values are available in the
+object properties using `Select-Object` or by direct member access.
+
+
+[01]: /powershell/module/dism/add-windowscapability
+[02]: /powershell/module/dism/enable-windowsoptionalfeature
+[03]: /powershell/module/dism/get-windowscapability
+[04]: /powershell/module/dism/get-windowsoptionalfeature
+[05]: /powershell/module/servermanager/install-windowsfeature
+[06]: https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332
diff --git a/docset/docs-conceptual/winserver2025-ps/toc.yml b/docset/docs-conceptual/winserver2025-ps/toc.yml
new file mode 100644
index 0000000000..aa2f895057
--- /dev/null
+++ b/docset/docs-conceptual/winserver2025-ps/toc.yml
@@ -0,0 +1,5 @@
+items:
+ - name: Windows PowerShell
+ href: get-started.md
+ - name: PowerShell 7 compatibility in Windows Server 2025
+ href: module-compatibility.md
\ No newline at end of file
diff --git a/docset/images/compare-changes.png b/docset/images/compare-changes.png
deleted file mode 100644
index 0d86db70f5..0000000000
Binary files a/docset/images/compare-changes.png and /dev/null differ
diff --git a/docset/images/contribute-link.png b/docset/images/contribute-link.png
deleted file mode 100644
index 6b17e6dd56..0000000000
Binary files a/docset/images/contribute-link.png and /dev/null differ
diff --git a/docset/images/pencil-icon.png b/docset/images/pencil-icon.png
deleted file mode 100644
index 82fe7852dd..0000000000
Binary files a/docset/images/pencil-icon.png and /dev/null differ
diff --git a/docset/images/preview-changes.png b/docset/images/preview-changes.png
deleted file mode 100644
index f98b2c6443..0000000000
Binary files a/docset/images/preview-changes.png and /dev/null differ
diff --git a/docset/images/propose-file-change.png b/docset/images/propose-file-change.png
deleted file mode 100644
index aedbc07b16..0000000000
Binary files a/docset/images/propose-file-change.png and /dev/null differ
diff --git a/docset/mapping/cabgenConfig.json b/docset/mapping/cabgenConfig.json
index 71c5f0e25a..f88396fd57 100644
--- a/docset/mapping/cabgenConfig.json
+++ b/docset/mapping/cabgenConfig.json
@@ -1,6 +1,13 @@
{
"monikers": [
{
+ "WindowsServer2025-ps": {
+ "exclude": [
+ "docset/winserver2025-ps/Microsoft.DiagnosticDataViewer",
+ "docset/winserver2025-ps/Microsoft.Windows.ServerManager.Migration",
+ "docset/winserver2025-ps/windowsdiagnosticdata"
+ ]
+ },
"WindowsServer2022-ps": {
"exclude": [
"docset/winserver2022-ps/Microsoft.DiagnosticDataViewer",
@@ -21,17 +28,6 @@
"docset/winserver2016-ps/Microsoft.Windows.ServerManager.Migration",
"docset/winserver2016-ps/windowsdiagnosticdata"
]
- },
- "winserver2012r2-ps": {
- "exclude": [
- "docset/winserver2012r2-ps/hpc",
- "docset/winserver2012r2-ps/servermigrationcmdlets"
- ]
- },
- "winserver2012-ps": {
- "exclude": [
- "docset/winserver2012-ps/servermigrationcmdlets"
- ]
}
}
]
diff --git a/docset/mapping/monikerMapping.json b/docset/mapping/monikerMapping.json
index d9cd905b21..b0884ce0d9 100644
--- a/docset/mapping/monikerMapping.json
+++ b/docset/mapping/monikerMapping.json
@@ -1,4 +1,10 @@
{
+ "WindowsServer2025-ps": {
+ "conceptualToc": "docs-conceptual/winserver2025-ps/toc.yml",
+ "conceptualTocUrl": "/powershell/winserver2025-ps/toc.json",
+ "referenceTocUrl": "/powershell/module/WindowsServer2025-ps/toc.json",
+ "packageRoot": "winserver2025-ps"
+ },
"WindowsServer2022-ps": {
"conceptualToc": "docs-conceptual/winserver2022-ps/toc.yml",
"conceptualTocUrl": "/powershell/winserver2022-ps/toc.json",
diff --git a/docset/winserver2012-ps/activedirectory/About/About.md b/docset/winserver2012-ps/activedirectory/About/About.md
new file mode 100644
index 0000000000..449df28850
--- /dev/null
+++ b/docset/winserver2012-ps/activedirectory/About/About.md
@@ -0,0 +1,26 @@
+---
+description: About articles for the ActiveDirectory module.
+Help Version: 3.1.0.0
+Locale: en-US
+ms.date: 07/03/2024
+title: About articles
+---
+# About topics
+
+## Description
+
+About topics cover a range of concepts about PowerShell.
+
+## About Topics
+
+### [about_ActiveDirectory](about_ActiveDirectory.md)
+The Active Directory module is a command line interface for managing Active Directory.
+
+### [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md)
+Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+
+### [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md)
+The Active Directory module for Windows PowerShell objects have a range of identifying attributes that are used for search and retrieval.
+
+### [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md)
+Describes the object model of the Active Directory module for Windows PowerShell.
diff --git a/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory.md b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory.md
new file mode 100644
index 0000000000..1b7183dcd2
--- /dev/null
+++ b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory.md
@@ -0,0 +1,81 @@
+---
+title: about_ActiveDirectory
+ms.date: 04/22/2013
+description: The Active Directory module is a command line interface for managing Active Directory.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory
+
+## SHORT DESCRIPTION
+
+The Active Directory module is a command line interface for managing Active
+Directory.
+
+## LONG DESCRIPTION
+
+The Active Directory module for Windows PowerShell is for IT Professionals who
+are administering and interfacing with Active Directory. The Active Directory
+module provides an efficient way to complete many administrative,
+configuration, and diagnostic tasks across Active Directory Domain Services (AD
+DS) and Active Directory Lightweight Directory Services (AD LDS) instances in
+their environments. The Active Directory module includes a set of Windows
+PowerShell cmdlets and a provider. The provider exposes the Active Directory
+database through a hierarchical navigation system, which is very similar to the
+file system. As with drives in a file system, such as C:, you can connect
+Windows PowerShell drives to Active Directory domains and AD LDS, as well as
+Active Directory snapshots.
+
+### Coverage of Active Directory Module Cmdlets
+
+Create, Read, Update, and Delete actions are supported for Active Directory
+objects by cmdlets such as `New-ADUser`, `Get-ADOrganizationalUnit`,
+`Set-ADComputer`, and `Remove-ADUser`.
+
+Account and Password Policy Management are supported by cmdlets such as
+`Enable-ADAccount`, `Unlock-ADAccount`, `New-ADServiceAccount`,
+`Set-ADAccountControl`, and `Remove-ADFineGrainedPasswordPolicy`.
+
+Domain and Forest Management is supported by cmdlets such as `Get-ADForest`,
+`Set-ADForest`, `Set-ADForestMode`, `Enable-ADOptionalFeature`,
+`Get-ADDomainController`, and `Get-ADDomain`.
+
+### Listing the Active Directory Module Cmdlets
+
+To get a list of all of the Active Directory module cmdlets, run
+
+```powershell
+Get-Command -Module ActiveDirectory
+```
+
+### Getting Started
+
+Getting started with the Active Directory module for Windows PowerShell is as
+easy as clicking the following shortcut:
+
+Run the following command in any Windows PowerShell prompt to import the Active
+Directory module:
+
+```powershell
+Import-Module ActiveDirectory
+```
+
+### Overview and Conceptual Topics
+
+The first two of these topics offer a high level overview of the Active
+Directory module and the Active Directory Provider.
+
+- For a brief introduction to the Active Directory provider for Windows
+ PowerShell, see [ActiveDirectory](/powershell/module/activedirectory).
+- The following topics are conceptual support topics for the Active Directory
+ module cmdlets.
+ - For an introduction to the **Identity** parameter, which is used by the
+ Active Directory module cmdlets to identify objects in the directory, see
+ [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md).
+ - For an introduction to the **Filter** parameter which is used by Active
+ Directory module cmdlets to search for objects in the directory, see
+ [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md).
+ - For an introduction to the .NET Framework-based object model implemented by
+ the Active Directory module, see
+ [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
diff --git a/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_Filter.md b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_Filter.md
new file mode 100644
index 0000000000..23a83c0a0a
--- /dev/null
+++ b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_Filter.md
@@ -0,0 +1,351 @@
+---
+title: about_ActiveDirectory_Filter
+ms.date: 04/22/2013
+description: Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Filter
+
+## SHORT DESCRIPTION
+
+Describes the syntax and behavior of the search filter supported by the Active
+Directory module for Windows PowerShell.
+
+## LONG DESCRIPTION
+
+Most get-AD* Active Directory module cmdlets use the Filter parameter to search
+for objects. The Filter parameter has been implemented to replace the function
+of the LDAP Filter and adds support for PowerShell variables, rich data types,
+improved error checking and an Active Directory extended form of the PowerShell
+Expression Language.
+
+
+- Support for LDAP Filter Syntax
+
+ The LDAP filter syntax is supported through the **LDAPFilter** parameter. You
+ will find LDAP filter examples along with the new Active Directory module
+ filter examples in the Filter Examples section of this topic.
+
+
+- Search Breadth and Depth
+
+ The breadth and depth of your filter-driven search can be modified by two
+ Active Directory module cmdlet parameters: **SearchBase** and **SearchScope**.
+
+ When within the context of the Active Directory provider, if the
+ **Searchbase** parameter is not specified, **SearchBase** will default to the
+ current path. When not running under the Active Directory provider, the
+ **SearchBase** will default to the server's **DefaultNamingContext**.
+
+ The **SearchScope** parameter defaults to the value `Subtree`, of the
+ enumerated type **ADSearchScope**.
+
+ For more information, see the **SearchBase** and **SearchScope** parameter
+ descriptions on any `Get-AD*` cmdlet.
+
+- Search Result Behavior
+
+ The behavior of the Active Directory module when returning results of a
+ search is modified by two cmdlet parameters: **ResultPageSize** and
+ **ResultSetSize**.
+
+ **ResultSetSize** controls the maximum number of returned objects.
+
+ **ResultPageSize** specifies the maximum number of objects for each returned
+ page of information.
+
+ See the **ResultPageSize** and **ResultSetSize** parameter descriptions on
+ any `Get-AD*` cmdlet for more information.
+
+
+- Timeout Behavior
+
+ The following statements specify timeout conditions within the Active
+ Directory module and describe what can be done about a timeout them.
+
+ The default Active Directory module timeout for all operations is 2
+ minutes.
+
+ For search operation, the Active Directory module uses paging control
+ with a 2-minute timeout for each page search.
+
+ > [!NOTE]
+ > Because a search may involve multiple server page requests the overall
+ > search time may exceed 2 minutes.
+
+ A **TimeoutException** error indicates that a timeout has occurred.
+
+ For a search operation, you can choose to use a smaller page size, set with
+ the **ResultPageSize** parameter, if you are getting a **TimeoutException**
+ error.
+
+ If after trying these changes you are still getting a **TimeoutException**
+ error, consider optimizing your filter using the guidance in the
+ Optimizing Filters section of this topic.
+
+
+- Optimizing Filters
+
+ You can enhance the search filter behavior by using these guidelines.
+
+ - Avoid using the **Recursive** parameter as it intensifies resource usage of
+ the search operation.
+ - Avoid using bitwise AND operators and bitwise OR operators. For more
+ information, see the Supported Operators section of this topic.
+ - Avoid using the logical NOT operator.
+ - Break down your search into multiple queries with narrower conditions.
+
+ For a full description of filter syntax and usage, see the Filter Syntax
+ section of this topic.
+
+
+## Filter Examples
+
+The following section shows many examples of filter use in common queries.
+
+### Example 1 - Get all entries:
+
+- LDAP Filter Equivalent: `(objectClass=*)`
+
+```powershell
+Get-ADObject -Filter 'ObjectClass -like "*"'
+```
+
+### Example 2 - Get entries containing "bob" somewhere in the common name
+
+- LDAP Filter Equivalent: `(cn=*bob*)`
+
+```powershell
+Get-ADObject -Filter 'CN -like "*bob*"'
+```
+
+### Example 3 - Get entries with a bad password count greater than five
+
+- LDAP Filter Equivalent: `(&(!badpwdcount<=5)(badpwdcount=*))`
+
+```powershell
+Get-ADUser -Filter 'badpwdcount -ge 5'
+```
+
+### Example 4 - Get all users with an e-mail attribute
+
+- LDAP Filter Equivalent: `(&(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -filter 'email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADObject -filter 'email -like "*" -and ObjectClass -eq "user"'
+```
+
+### Example 5 - Get all user entries with an e-mail attribute and a surname equal to "smith":
+
+- LDAP Filter Equivalent: `(&(sn=smith)(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and SurName -eq "smith"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and sn -eq "smith"'
+```
+
+
+### Example 6 - Get all user entries with a common name that starts with "andy" and users with a common name of "steve" or "margaret"
+
+- LDAP Filter Equivalent: `(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))`
+
+```powershell
+Get-ADUser -Filter 'CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret"'
+```
+
+
+This example demonstrates a more complex logic and the use of precedence
+control via parenthesis.
+
+```powershell
+Get-ADObject -Filter 'objectClass -eq "user" -and (CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret")'
+```
+
+### Example 7 - Get all entries without an e-mail attribute
+
+- LDAP Filter Equivalent: `(!(email=*))`
+
+```powershell
+Get-ADUser -Filter '-not Email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -notlike "*"'
+```
+
+### Example 8 - Get all users who did not logon since January 1, 2007
+
+- LDAP Filter Equivalent: `(&(lastlogon<=X)(objectClass=user))` where X is
+ number of 100-nanosecond slices since Jan 1st 1601
+
+```powershell
+$date = new-object System.DateTime -ArgumentList @(2007,1,1,0,0,0)
+Get-ADUser -Filter '-not LastLogon -le $date'
+```
+
+### Example 9 - Get all users who have logged on in the last 5 days
+
+- LDAP Filter Equivalent:
+
+ ```
+ (&(lastLogon>=128812906535515110)
+ (objectClass=user)(!(objectClass=computer)))
+ ```
+
+```powershell
+$date = (get-date) - (new-timespan -days 5)
+Get-ADUser -Filter 'lastLogon -gt $date'
+```
+
+### Example 10 - Search for group objects that have the ADS_GROUP_TYPE_SECURITY_ENABLED flag set
+
+- LDAP Filter Equivalent:
+ `(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))`
+
+The following example query string searches for group objects that have the
+ADS_GROUP_TYPE_SECURITY_ENABLED flag set. Be aware that the decimal value of
+ADS_GROUP_TYPE_SECURITY_ENABLED (0x80000000 = 2147483648) is used for the
+comparison value.
+
+```powershell
+Get-ADGroup -filter 'groupType -band 0x80000000'
+```
+
+### Example 11 - Search the ancestry of an object
+
+- LDAP Filter Equivalent:
+ `(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x)))`
+
+The LDAP_MATCHING_RULE_IN_CHAIN is a matching rule OID that is designed to
+provide a method to look up the ancestry of an object. Many applications using
+Active Directory and AD LDS usually work with hierarchical data, which is
+ordered by parent-child relationships. Previously, applications performed
+transitive group expansion to figure out group membership, which used a lot of
+network bandwidth. Applications made multiple round-trips to figure out if an
+object fell "in the chain" if a link were traversed through to the end.
+
+An example of such a query is one designed to check if a user, "user1" is a
+member of group "group1". "user1" may not be a direct member of group1. It
+could be a member of some other group, which is a member of "group1".
+
+You would set the base to the user DN and the scope to base, and use the query:
+
+```powershell
+Get-ADUser -Filter 'memberOf -RecursiveMatch "CN=Administrators, CN=Builtin,DC=Fabrikam,DC=com"' -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"
+```
+
+## Filter Syntax
+
+The following syntax descriptions use Backus-Naur form to show the PowerShell
+Expression Language for the Filter parameter.
+
+```Syntax
+ ::= "{" "}"
+
+ ::= |
+ |
+
+
+ ::= |
+ "(" ")"
+
+ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt" |
+ "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" |
+ "-notlike"
+
+ ::= "-and" | "-or"
+
+ ::= "-not"
+
+ ::= |
+
+::= < this value will be compared to the object data for
+ attribute using the specified filter operator
+```
+
+
+## Supported Operators
+
+The following table shows frequently used search filter operators.
+
+| Operator | Description | LDAP Equivalent |
+| ----------------- | -------------------------------------- | -------------------------- |
+| `-eq` | Equal to. Wildcards not supported. | = |
+| `-ne` | Not equal to. Wildcards not supported. | !x = y |
+| `-approx` | Approximately equal to | ~= |
+| `-le` | Lexicographically less than | <= |
+| | or equal to | |
+| `-lt` | Lexicographically less than | !x >= y |
+| `-ge` | Lexicographically greater | >= |
+| | than or equal to | |
+| `-gt` | Lexicographically greater than | !x <= y |
+| | | |
+| `-and` | AND | & |
+| `-or` | OR | |
+| `-not` | NOT | ! |
+| `-bor` | Bitwise OR | :1.2.840.113556.1.4.804:= |
+| `-band` | Bitwise AND | :1.2.840.113556.1.4.803:= |
+| `-recursivematch` | Use LDAP_MATCHING_RULE_IN_CHAIN | :1.2.840.113556.1.4.1941:= |
+| `-like` | Similar to `-eq` and supports | = |
+| | wildcard comparison. The only | |
+| | wildcard character supported is: `*` | |
+| `-notlike` | Not like. Supports wild | !x = y |
+| | card comparison. | |
+
+> [!NOTE]
+> PowerShell wildcards, other than "*", such as "?" are not supported by the
+> **Filter** parameter syntax.
+
+### Operator Precedence
+
+The following listing shows the precedence of operators for filters from
+highest to lowest.
+
+- Highest precedence: `-eq`, `-ge`, `-le`, `-approx`, `-band`, `-bor`,
+ `-recursivematch`, `-ne`, `-like`, `-not`, `-and`
+- Lowest precedence: `-or`
+
+### Special Characters
+
+The following escape sequence should be used for specifying special characters
+in AD Filter STRING data, that is, data enclosed in double or single quotes.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | --------------------------------------------------- |
+| `"` | `` `" `` (This escape sequence is only required if |
+| | STRING data is enclosed in double quotes.) |
+| `'` | `''` (This escape sequence is only required if |
+| | STRING data is enclosed in single quotes.) |
+| NUL | `\00` (This is a standard LDAP escape sequence.) |
+| `\` | `\5c` (This is a standard LDAP escape sequence.) |
+
+### LDAP Special Characters
+
+ADFilter parser will automatically convert all the below characters found in
+STRING data, that is data enclosed in " " or ' ' to their LDAP escape sequence.
+End users need not know about these LDAP escape sequence.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | ----------------------------------------------- |
+| `*` | `\2a` (Character `*` will only be converted in |
+| | -eq and -ne comparisons Users should use |
+| | -like and -notlike operators for wildcard |
+| | comparison.) |
+| `(` | `\28` |
+| `)` | `\29` |
+| `/` | `\2f` |
diff --git a/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_Identity.md b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_Identity.md
new file mode 100644
index 0000000000..c007277b19
--- /dev/null
+++ b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_Identity.md
@@ -0,0 +1,196 @@
+---
+title: about_ActiveDirectory_Identity
+ms.date: 04/22/2013
+description: This article lists the identifying attributes that are used for search and retrieval supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Identity
+
+## SHORT DESCRIPTION
+
+The Active Directory module for Windows PowerShell objects have a range of
+identifying attributes that are used for search and retrieval.
+
+## LONG DESCRIPTION
+
+In order to identify the objects in Active Directory, each object has
+attributes that can be used as identifiers. In the Active Directory module, the
+value of the identity of an object can be passed using the Identity parameter.
+Each object type has its own set of possible types and values for use by the
+Identity parameter. See the detailed description of the Identity parameter of
+the given cmdlet for more information about its usage.
+
+When searching with the Active Directory module cmdlets, the value of the
+Identity parameter, along with the values of the Server and Partition
+parameters, is used to uniquely identify a single object. The Server parameter
+is used to locate which server to connect with. The Partition parameter further
+narrows the search to a specific partition. The Identity parameter then
+resolves to a single unique object in the partition.
+
+Note that using the Security Accounts Manager (SAM) Account Name
+(**sAMAccountName**) when targeting a global catalog port, you will not find a
+user in a different domain if you are using the Identity parameter
+
+If more than one object is found using identity resolution, the Active
+Directory module throws an error.
+
+For more information about the Server and Partition parameters, see the help
+topics for the individual cmdlets where they are used, such as `Get-ADUser`, by
+typing:
+
+```powershell
+Get-Help Get-ADUser
+```
+
+### Objects and Identities
+
+Each object has a list of attributes that can be used as an identity for that
+object. Additionally, if the object inherits from another object, then the
+parent object's identities can also be used as the child object's identities.
+For more information on the Active Directory object hierarchy, see
+[about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
+
+> [!NOTE]
+> For Active Directory Provider cmdlets, only an object's 'Distinguished Name'
+> or 'Relative Distinguished Name' can be used as the identity. For a list of
+> Active Directory Provider cmdlets, see ActiveDirectory.
+
+### Identity Attributes
+
+The following is a list of identity attributes by object type.
+
+- ADAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADComputer
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager Account Name (sAMAccountName)
+
+- ADDirectoryServer
+ - Name of the server object (name)
+ - For AD LDS instances the syntax of a name is `$`
+ - For other Active Directory instances, use the value of the name property.
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the directory
+ server.
+ - GUID (objectGUID) of server object under the configuration partition.
+ - GUID (objectGUID) of NTDS settings object under the configuration partition
+
+- ADDomain
+ - Distinguished Name
+ - GUID
+ - Security Identifier
+ - DNS domain name
+ - NetBIOS domain name
+
+- ADDomainController
+ - GUID (objectGUID)
+ - IPV4Address
+ - Global IPV6Address
+ - DNS Host Name (dNSHostName)
+ - Name of the server object
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the domain controller
+ - GUID of NTDS settings object under the configuration partition
+ - GUID of server object under the configuration partition
+ - Distinguished Name of the computer object that represents the domain controller.
+
+- ADFineGrainedPasswordPolicy
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Name (name)
+
+- ADForest
+ - Fully qualified domain name
+ - DNS host name
+ - NetBIOS name
+
+- ADGroup
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager (SAM) Account Name (sAMAccountName)
+
+- ADObject
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADOptionalFeature
+ - Distinguished Name
+ - Name (name)
+ - Feature GUID (featureGUID)
+ - GUID (objectGUID)
+
+- ADOrganizationalUnit
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADPrincipal
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADServiceAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADUser
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM User Name (sAMUserName)
+
+
+### Identities Formats
+
+Active Directory module objects have a range of identity attributes. Below is a
+list of these, their types and formats.
+
+- Distinguished Name
+ - Example: CN=SaraDavis,CN=Europe,CN=Users, DC=corp,DC=contoso,DC=com
+
+- DNS domain name
+ - Example: redmond.corp.contoso.com
+
+- DNS Host Name (dNSHostName)
+ - Example: corp-DC01.corp.contoso.com
+
+- Feature GUID (featureGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- Fully qualified domain name
+ - Example: corp.contoso.com
+
+- Global IPV6Address
+ - Example: 2001:4898:0:fff:200:5efe:157.59.132.61
+
+- GUID (objectGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- IPV4Address
+ - Example:157.59.132.61
+
+- NetBIOS domain name
+ - Example: redmond
+
+- Name of the server object
+ - Example: corp-DC01$
+
+- SAM Account Name (sAMAccountName)
+ - Example: saradavisreports
+
+- Security Identifier (objectSid)
+ - Example: S-1-5-21-3165297888-301567370-576410423-1103
+
+- Name
+ - Example: Recycle Bin Feature
diff --git a/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
new file mode 100644
index 0000000000..8535a97464
--- /dev/null
+++ b/docset/winserver2012-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
@@ -0,0 +1,595 @@
+---
+title: about_ActiveDirectory_ObjectModel
+ms.date: 04/22/2013
+description: Describes the object model of the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_ObjectModel
+
+## SHORT DESCRIPTION
+Describes the object model of the Active Directory module for Windows
+PowerShell.
+
+## LONG DESCRIPTION
+
+This topic explains the Active Directory module classes and their properties
+used to model actual Active Directory attributes. It also outlines the class
+hierarchy constructed from its Active Directory counterpart. The object model
+establishes a data foundation for all the operations supported by Active
+Directory module cmdlets.
+
+### Class Hierarchy
+
+The following list shows the class hierarchy defined in the Active Directory
+module object model, with class inheritance implied by indentation. This
+inheritance model allows for Active Directory cmdlets to accept a range of
+object types as input. This means, for example, that the cmdlet
+Get-ADPrincipalGroupMembership can accept as input any of the following
+objects: ADGroup, ADAccount, ADComputer, ADServiceAccount or ADUser. This works
+because of the inheritance model and guarantees that an ADUser object has all
+of the properties of an ADPrincipal object.
+
+```
+ADEntity
+ ADRootDSE
+ ADObject
+ ADFineGrainedPasswordPolicy
+ ADOptionalFeature
+ ADOrganizationalUnit
+ ADPartition
+ ADDomain
+ ADPrincipal
+ ADAccount
+ ADComputer
+ ADServiceAccount
+ ADUser
+ ADGroup
+ ADDefaultDomainPasswordPolicy
+ ADForest
+ ADDirectoryServer
+ ADDomainController
+```
+
+### Active Directory Module Classes
+
+The following listing shows every Active Directory module class from the class
+hierarchy listing. Each class defines a set of properties, some of which are
+LDAP attributes that are retrieved by default and some are new properties
+created specifically for the Active Directory module. These new properties are
+derived from one or more LDAP attributes as outlined in the class listings.
+
+
+- ADEntity - The base level class from which all other classes are derived.
+ - ADRootDSE - Represents the rootDSE and is derived from ADEntity. An
+ ADRootDSE may contain the following properties in addition to those
+ inherited from its parent.
+ - ConfigurationNamingContext - A property of type System.String, derived
+ from the directory attribute ConfigurationNamingContext
+ - CurrentTime - A property of type System.DateTime, derived from the
+ directory attribute CurrentTime
+ - DefaultNamingContext - A property of type System.String, derived from the
+ directory attribute DefaultNamingContext
+ - DnsHostName - A property of type System.String, derived from the
+ directory attribute DnsHostName
+ - DomainControllerFunctionality - A property of type
+ ADDomainControllerMode, derived from the directory attribute
+ DomainControllerFunctionality
+ - DomainFunctionality - A property of type ADDomainMode, derived from the
+ directory attribute DomainFunctionality
+ - DsServiceName - A property of type System.String, derived from the
+ directory attribute DsServiceName
+ - ForestFunctionality - A property of type ADForestMode, derived from the
+ directory attribute ForestFunctionality
+ - GlobalCatalogReady - A property of type System.Boolean, derived from the
+ directory attribute GlobalCatalogReady
+ - HighestCommittedUSN - A property of type System.Long, derived from the
+ directory attribute HighestCommittedUSN
+ - LdapServiceName - A property of type System.String, derived from the
+ directory attribute LdapServiceName
+ - NamingContexts - A property of type System.String, derived from the
+ directory attribute NamingContexts
+ - RootDomainNamingContext - A property of type System.String, derived from
+ the directory attribute RootDomainNamingContext
+ - SchemaNamingContext - A property of type System.String, derived from the
+ directory attribute SchemaNamingContext
+ - ServerName - A property of type System.String, derived from the directory
+ attribute ServerName
+ - SubschemaSubentry - A property of type ADObject, derived from the
+ directory attribute SubschemaSubentry
+ - SupportedCapabilities - A property of type ADObjectIdentifier, derived
+ from the directory attribute SupportedCapabilities
+ - SupportedControl - A property of type ADObjectIdentifier, derived from
+ the directory attribute SupportedControl
+ - SupportedLDAPPolicies - A property of type System.String, derived from
+ the directory attribute SupportedLDAPPolicies
+ - SupportedLDAPVersion - A property of type System.Int, derived from the
+ directory attribute SupportedLDAPVersion
+ - SupportedRootDSEOperations - A property of type
+ ADPropertyValueCollection, derived from the directory attribute
+ SupportedRootDSEOperations
+ - SupportedSASLMechanisms - A property of type System.String, derived from
+ the directory attribute SupportedSASLMechanisms
+ - Syncronized - A property of type System.Boolean, derived from the
+ directory attribute IsSynchronized.
+ - ADObject - Represents any object in Active Directory and is derived from
+ ADEntity. An ADObject may contain the following properties in addition to
+ those inherited from its parent.
+ - CanonicalName - A property of type System.String, derived from the
+ directory attribute: canonicalName
+ - CN - A property of type System.String, derived from the directory
+ attribute: cn
+ - Created - A property of type System.DateTime, derived from the directory
+ attribute: createTimeStamp
+ - Deleted - A property of type System.Boolean, derived from the directory
+ attribute: isDeleted
+ - Description - A property of type System.String, derived from the
+ directory attribute: description
+ - DisplayName - A property of type System.String, derived from the
+ directory attribute: displayName
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LastKnownParent - A property of type System.String, derived from the
+ directory attribute: lastKnownParent
+ - Modified - A property of type System.DateTime, derived from the directory
+ attribute: modifyTimeStamp
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - ObjectCategory - A property of type System.String, derived from the
+ directory attribute: objectCategory
+ - ObjectClass - A property of type System.String, derived from the
+ directory attribute: objectClass
+ - ObjectGUID - A property of type System.Guid, derived from the directory
+ attribute: objectGUID
+ - ProtectedFromAccidentalDeletion - A property of type System.Boolean,
+ derived from the directory attributes: nTSecurityDescriptor,
+ sdRightsEffective, instanceType, isDeleted
+ - ADFineGrainedPasswordPolicy Represents a fine grained password policy
+ object; that is, an AD object of type msDS-PasswordSettings in AD DS and
+ is derived from ADObject. This class is not supported by AD LDS. An
+ ADFineGrainedPasswordPolicy may contain the following properties in
+ addition to those inherited from its parent.
+ - AppliesTo - A property of type System.String, derived from the
+ directory attribute: msDS-PSOAppliesTo
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: msDS-PasswordComplexityEnabled
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-LockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: msDS-LockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: msDS-LockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MaximumPasswordAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MinimumPasswordAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: msDS-MinimumPasswordLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from
+ the directory attribute: msDS-PasswordHistoryLength
+ - Precedence - A property of type System.Int32, derived from the
+ directory attribute: msDS-PasswordSettingsPrecedence
+ - ReversibleEncryptionEnabled - A property of type System.Boolean,
+ derived from the directory attribute:
+ msDS-PasswordReversibleEncryptionEnabled
+ - ADOptionalFeature Represents an optional feature, an Active Directory
+ object of type msDS-OptionalFeature, and is derived from ADObject. An
+ ADOptionalFeaturemay contain the following properties in addition to
+ those inherited from its parent.
+ - EnabledScopes - A property of type System.String, derived from the
+ directory attribute: msDS-EnabledFeatureBL
+ - FeatureGUID - A property of type System.Guid, derived from the
+ directory attribute: msDS-OptionalFeatureGUID
+ - FeatureScope - A property of type System.Int32, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - IsDisableable - A property of type System.Boolean, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - RequiredDomainMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADDomainMode, derived from the
+ directory attribute: msDS-RequiredDomainBehaviorVersion
+ - RequiredForestMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADForestMode, derived from the
+ directory attribute: msDS-RequiredForestBehaviorVersion
+ - ADOrganizationalUnit Represents an organizationalUnit (OU) object and is
+ derived from ADObject. An ADOrganizationalUnit may contain the following
+ properties in addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the directory
+ attribute: l
+ - Country - A property of type System.String, derived from the directory
+ attribute: c
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: gpLink. This property is not supported on
+ AD LDS.
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - State - A property of type System.String, derived from the directory
+ attribute: st
+ - StreetAddress - A property of type System.String, derived from the
+ directory attribute: street
+ - ADPartition - Represents a naming context, Configuration, Schema, Domain
+ or Application Partition(ND NC) and is derived from ADObject. This class
+ is not supported by AD LDS. An ADPartition may contain the following
+ properties in addition to those inherited from its parent.
+ - DeletedObjectsContainer - A property of type System.String, derived
+ from the directory attribute: DeletedObjectsContainer
+ - DNSRoot - A property of type System.String, derived from the directory
+ attribute: DNSRoot
+ - LostAndFoundContainer - A property of type System.String, derived from
+ the directory attribute: LostAndFoundContainer
+ - QuotasContainer - A property of type System.String, derived from the
+ directory attribute: QuotasContainer
+ - ReadOnlyReplicaDirectoryServers - A property of type System.String,
+ derived from the directory attribute: ReadOnlyReplicaDirectoryServers
+ - ReplicaDirectoryServers - A property of type System.String, derived
+ from the directory attribute: ReplicaDirectoryServers
+ - SubordinateReferences - A property of type System.String, derived from
+ the directory attribute: SubordinateReferences
+ - ADDomain - Represents a domain in AD DS or an instance in AD LDS; for
+ example, an Active Directory object of type domainDNS and is derived
+ from ADPartition. This class is not supported by AD LDS. An ADDomain
+ may contain the following properties in addition to those inherited
+ from its parent.
+ - AllowedDNSSuffixes - A property of type System.String, derived from
+ the directory attribute: msDS-AllowedDNSSuffixes
+ - ChildDomains - A property of type System.String, derived from the
+ directory attribute: ChildDomains
+ - ComputersContainer - A property of type System.String, derived from
+ the directory attribute: ComputersContainer
+ - DomainControllersContainer - A property of type System.String,
+ derived from the directory attribute: DomainControllersContainer
+ - DomainMode - A property of type System.Int32, derived from the
+ directory attribute: msDS-Behavior-Version
+ - DomainSID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - ForeignSecurityPrincipalsContainer - A property of type
+ System.String, derived from the directory attribute:
+ ForeignSecurityPrincipalsContainer
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - InfrastructureMaster - A property of type System.String, derived from
+ the directory attribute: InfrastructureMaster
+ - LastLogonReplicationInterval - A property of type System.TimeSpan,
+ derived from the directory attribute: msDS-LogonTimeSyncInterval
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: LinkedGroupPolicyObjects
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - NetBIOSName - A property of type System.String, derived from the
+ directory attribute: NetBIOSName
+ - ParentDomain - A property of type System.String, derived from the
+ directory attribute: ParentDomain
+ - PDCEmulator - A property of type System.String, derived from the
+ directory attribute: PDCEmulator
+ - RIDMaster - A property of type System.String, derived from the
+ directory attribute: RIDMaster
+ - SystemsContainer - A property of type System.String, derived from the
+ directory attribute: SystemsContainer
+ - UsersContainer - A property of type System.String, derived from the
+ directory attribute: UsersContainer
+ - ADPrincipal - Represents a security principal, which is an Active
+ Directory object of type user, computer, group or iNetOrgPerson and is
+ derived from ADObject. An ADPrincipal may contain the following
+ properties in addition to those inherited from its parent.
+ - HomePage - A property of type System.String, derived from the
+ directory attribute: wWWHomePage
+ - MemberOf - A property of type System.String, derived from the
+ directory attribute: memberOf
+ - SamAccountName - A property of type System.String, derived from the
+ directory attribute: sAMAccountName. This property is not supported
+ for AD LDS.
+ - SID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - SIDHistory - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: sIDHistory. This property is not supported for
+ AD LDS.
+ - ADAccount - Represents a security account; that is, an Active
+ Directory object of type user, computer or iNetOrgPerson and is
+ derived from ADPrincipal. An ADAccount may contain the following
+ properties in addition to those inherited from its parent.
+ - AccountExpirationDate - A property of type System.DateTime, derived
+ from the directory attribute: accountExpires
+ - AccountLockoutTime - A property of type System.DateTime, derived
+ from the directory attribute: lockoutTime
+ - AccountNotDelegated - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - AllowReversiblePasswordEncryption - A property of type
+ System.Boolean, for AD DS it is derived from the directory
+ attribute: userAccountControl; for AD LDS it is derived from the
+ directory attribute: ms-DS-UserEncryptedTextPasswordAllowed
+ - BadLogonCount - A property of type System.Int32, derived from the
+ directory attribute: badPwdCount
+ - CannotChangePassword - A property of type System.Boolean, derived
+ from the directory attribute: nTSecurityDescriptor
+ - Certificates - A property of type
+ System.Security.Cryptography.X509Certificates.X509Certificate,
+ derived from the directory attribute: userCertificate
+ - DoesNotRequirePreAuth - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - Enabled - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserAccountDisabled
+ - HomedirRequired - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - LastBadPasswordAttempt - A property of type System.DateTime,
+ derived from the directory attribute: badPasswordTime
+ - LastLogonDate - A property of type System.DateTime, derived from
+ the directory attribute: lastLogonTimestamp
+ - LockedOut - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed, lockoutTime; for AD LDS it is
+ derived from the directory attribute msDS-UserAccountDisabled
+ - MNSLogonAccount - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - PasswordExpired - A property of type System.Boolean, for AD DS it
+ is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserPasswordExpired
+ - PasswordLastSet - A property of type System.DateTime, derived from
+ the directory attribute: pwdLastSet
+ - PasswordNeverExpires - A property of type System.Boolean, for AD
+ LDS it is derived from the directory attributes:
+ userAccountControl, msDS-User-Account-Control-Computed; for AD LDS
+ it is derived from the directory attribute:
+ msDS-UserDontExpirePassword
+ - PasswordNotRequired - A property of type System.Boolean, for AD DS
+ it is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute: ms-DS-UserPasswordNotRequired
+ - PrimaryGroup - A property of type System.String, derived from the
+ directory attributes: primaryGroupID, objectSid. This property is
+ not supported by AD LDS.
+ - ServicePrincipalNames - A property of type System.String, derived
+ from the directory attribute: servicePrincipalName. This property
+ is not supported by AD LDS.
+ - TrustedForDelegation - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - TrustedToAuthForDelegation - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UseDESKeyOnly - A property of type System.Boolean, derived from the
+ directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UserPrincipalName - A property of type System.String, derived from
+ the directory attribute: userPrincipalName
+ - ADComputer - Represents a computer and is derived from ADAccount.
+ An ADComputer may contain the following properties in addition to
+ those inherited from its parent.
+ - DNSHostName - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - Location - A property of type System.String, derived from the
+ directory attribute: location
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - OperatingSystem - A property of type System.String, derived from
+ the directory attribute: operatingSystem
+ - OperatingSystemHotfix - A property of type System.String, derived
+ from the directory attribute: operatingSystemHotfix
+ - OperatingSystemServicePack - A property of type System.String,
+ derived from the directory attribute: operatingSystemServicePack
+ - OperatingSystemVersion - A property of type System.String,
+ derived from the directory attribute: operatingSystemVersion
+ - ServiceAccount - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccount
+ - ADServiceAccount - Represents a managed service account; that is,
+ an Active Directory object of type msDS-ManagerdServiceAccount and
+ is derived from ADAccount. This class is not supported by AD LDS.
+ An ADServiceAccount may contain the following properties in
+ addition to those inherited from its parent.
+ - HostComputers - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccountBL
+ - ADUser - Represents a user (or iNetOrgPerson) and is derived from
+ ADAccount. An ADUser may contain the following properties in
+ addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the
+ directory attribute: l
+ - Company - A property of type System.String, derived from the
+ directory attribute: company
+ - Country - A property of type System.String, derived from the
+ directory attribute: c
+ - Department - A property of type System.String, derived from the
+ directory attribute: department
+ - Division - A property of type System.String, derived from the
+ directory attribute: division
+ - EmailAddress - A property of type System.String, derived from the
+ directory attribute: mail
+ - EmployeeID - A property of type System.String, derived from the
+ directory attribute: employeeID
+ - EmployeeNumber - A property of type System.String, derived from
+ the directory attribute: employeeNumber
+ - Fax - A property of type System.String, derived from the
+ directory attribute: facsimileTelephoneNumber
+ - GivenName - A property of type System.String, derived from the
+ directory attribute: givenName
+ - HomeDirectory - A property of type System.String, derived from
+ the directory attribute: homeDirectory. This property is not
+ supported by AD LDS.
+ - HomeDrive - A property of type System.String, derived from the
+ directory attribute: homeDrive. This property is not supported by
+ AD LDS.
+ - HomePhone - A property of type System.String, derived from the
+ directory attribute: homePhone
+ - Initials - A property of type System.String, derived from the
+ directory attribute: initials
+ - LogonWorkstations - A property of type System.String, derived
+ from the directory attribute: userWorkstations. This property is
+ not supported by AD LDS.
+ - Manager - A property of type System.String, derived from the
+ directory attribute: manager
+ - MobilePhone - A property of type System.String, derived from the
+ directory attribute: mobile
+ - Office - A property of type System.String, derived from the
+ directory attribute: physicalDeliveryOfficeName
+ - OfficePhone - A property of type System.String, derived from the
+ directory attribute: telephoneNumber
+ - Organization - A property of type System.String, derived from the
+ directory attribute: o
+ - OtherName - A property of type System.String, derived from the
+ directory attribute: middleName
+ - POBox - A property of type System.String, derived from the
+ directory attribute: postOfficeBox
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - ProfilePath - A property of type System.String, derived from the
+ directory attribute: profilePath. This property is not supported
+ by AD LDS.
+ - ScriptPath - A property of type System.String, derived from the
+ directory attribute: scriptPath. This property is not supported
+ by AD LDS.
+ - SmartcardLogonRequired - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not
+ supported by AD LDS.
+ - State - A property of type System.String, derived from the
+ directory attribute: st
+ - StreetAddress - A property of type System.String, derived from
+ the directory attribute: streetAddress
+ - Surname - A property of type System.String, derived from the
+ directory attribute: sn
+ - Title - A property of type System.String, derived from the
+ directory attribute: title
+ - ADGroup -Represents a group and is derived from ADPrincipal. An
+ ADGroup may contain the following properties in addition to those
+ inherited from its parent.
+ - GroupCategory - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupCategory, derived from
+ the directory attribute: groupType
+ - GroupScope - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupScope, derived from the
+ directory attribute: groupType
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - Members - A property of type System.String, derived from the
+ directory attribute: member
+ - ADDefaultDomainPasswordPolicy - Represents the domain-wide password policy
+ of an Active Directory domain and is derived from ADEntity. This class is
+ not supported by AD LDS. An ADDefaultDomainPasswordPolicy may contain the
+ following properties in addition to those inherited from its parent.
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: pwdProperties
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: lockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: lockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: lockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: maxPwdAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: minPwdAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: minPwdLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from the
+ directory attribute: pwdHistoryLength
+ - ReversibleEncryptionEnabled - A property of type System.Boolean, derived
+ from the directory attribute: pwdProperties
+ - ADForest - Represents a Active Directory forest in AD DS or a Configuration
+ Set in AD LDS and is derived from ADEntity. This class is not supported by
+ AD LDS. An ADForest may contain the following properties in addition to
+ those inherited from its parent.
+ - ApplicationPartitions - A property of type System.String, derived from
+ the directory attribute: ApplicationPartitions
+ - CrossForestReferences - A property of type System.String, derived from
+ the directory attribute: CrossForestReferences
+ - DomainNamingMaster - A property of type System.String, derived from the
+ directory attribute: DomainNamingMaster
+ - Domains - A property of type System.String, derived from the directory
+ attribute: Domains
+ - ForestMode - A property of type System.Int32, derived from the directory
+ attribute: msDS-Behavior-Version
+ - GlobalCatalogs - A property of type System.String, derived from the
+ directory attribute: GlobalCatalogs
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - PartitionContainerName - A property of type System.String, derived from
+ the directory attribute: distinguishedName
+ - RootDomain - A property of type System.String, derived from the directory
+ attribute: RootDomain
+ - SchemaMaster - A property of type System.String, derived from the
+ directory attribute: SchemaMaster
+ - Sites - A property of type System.String, derived from the directory
+ attribute: Sites
+ - SPNSuffixes - A property of type System.String, derived from the
+ directory attribute: msDS-SPNSuffixes
+ - UPNSuffixes - A property of type System.String, derived from the
+ directory attribute: uPNSuffixes
+ - ADDirectoryServer - Represents a directory server used as either a domain
+ controller or an AD LDS instance and is derived from ADEntity. An
+ ADDirectoryServer may contain the following properties in addition to those
+ inherited from its parent.
+ - DefaultPartition - A property of type System.String, derived from the
+ directory attribute: DefaultPartition
+ - HostName - A property of type System.String, derived from the directory
+ attribute: HostName
+ - InvocationId - A property of type System.Guid, derived from the directory
+ attribute: InvocationId
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - LdapPort - A property of type System.Int32, derived from the directory
+ attribute: LdapPort
+ - Name - A property of type System.String, derived from the directory
+ attribute: Name
+ - NTDSSettingsObjectDN - A property of type System.String, derived from the
+ directory attribute: NTDSSettingsObjectDN
+ - OperationMasterRoles - A property of type
+ Microsoft.ActiveDirectory.Management.ADOperationMasterRole, derived from
+ the directory attribute: OperationMasterRole
+ - Partitions - A property of type System.String, derived from the directory
+ attribute: Partitions
+ - ServerObjectDN - A property of type System.String, derived from the
+ directory attribute: ServerObjectDN
+ - ServerObjectGuid - A property of type System.Guid, derived from the
+ directory attribute: ServerObjectGuid
+ - Site - A property of type System.String, derived from the directory
+ attribute: Site
+ - SslPort - A property of type System.Int32, derived from the directory
+ attribute: SslPort
+ - ADDomainController - Represents a domain controller in AD DS and is
+ derived from ADDirectoryServer. An ADDomainController may contain the
+ following properties in addition to those inherited from its parent.
+ - ComputerObjectDN - A property of type System.String, derived from the
+ directory attribute: ComputerDN
+ - Domain - A property of type System.String, derived from the directory
+ attribute: Domain
+ - Enabled - A property of type System.Boolean, derived from the directory
+ attribute: Enabled
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - IsGlobalCatalog - A property of type System.Boolean, derived from the
+ directory attribute: IsGlobalCatalog
+ - IsReadOnly - A property of type System.Boolean, derived from the
+ directory attribute: IsReadOnly
+ - OperatingSystem - A property of type System.String, derived from the
+ directory attribute: OSName
+ - OperatingSystemHotfix - A property of type System.String, derived from
+ the directory attribute: OSHotFix
+ - OperatingSystemServicePack - A property of type System.String, derived
+ from the directory attribute: OSServicepack
+ - OperatingSystemVersion - A property of type System.String, derived from
+ the directory attribute: OSVersion
diff --git a/docset/winserver2012-ps/activedirectory/New-ADOrganizationalUnit.md b/docset/winserver2012-ps/activedirectory/New-ADOrganizationalUnit.md
index 4186ca2b4a..8933342624 100644
--- a/docset/winserver2012-ps/activedirectory/New-ADOrganizationalUnit.md
+++ b/docset/winserver2012-ps/activedirectory/New-ADOrganizationalUnit.md
@@ -8,6 +8,7 @@ schema: 2.0.0
# New-ADOrganizationalUnit
## SYNOPSIS
+
Creates a new Active Directory organizational unit.
## SYNTAX
@@ -21,102 +22,87 @@ New-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-City New-ADOrganizationalUnit -Name UserAccounts -Path "DC=FABRIKAM,DC=COM"
+PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
```
-Description
+This command creates an OU named UserAccounts that is protected from accidental deletion. Note that accidental protection is implicit.
------------
+### Example 2: Create an OU that is not protected from accidental deletion
-Creates a new OrganizationalUnit named 'UserAccounts' which is protected from accidental deletion.
-
-### -------------------------- EXAMPLE 2 --------------------------
```
-C:\PS>New-ADOrganizationalUnit -Name UserAccounts -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $false
+PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False
```
-Description
-
------------
+This command creates an OU named UserAccounts that is not protected from accidental deletion.
-Creates a new OrganizationalUnit named 'UserAccounts' which is not protected from deletion.
+### Example 3: Create an OU that is protected from accidental deletion
-### -------------------------- EXAMPLE 3 --------------------------
```
-C:\PS>New-ADOrganizationalUnit -Name UserAccounts -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"}
+PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"}
```
-Description
+This command creates an OU named UserAccounts that is protected from accidental deletion.
+The **seeAlso** and **managedBy** properties are set to specified values.
------------
+### Example 4: Create an OU from a template OU
-Creates an OrganizationalUnit name 'UserAccounts' which is protected from accidental deletion with properties 'seeAlso' and 'managedBy' set to the specified values.
-
-### -------------------------- EXAMPLE 4 --------------------------
```
-C:\PS>$ouTemplate = Get-ADOrganizationalUnit "OU=UserAccounts,DC=Fabrikam,DC=com" -properties seeAlso,managedBy; New-ADOrganizationalUnit -name TomCReports -instance $ouTemplate
+PS C:\> $OuTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy
+PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate
```
-Description
-
------------
+This command uses the data from the OU OU=UserAccounts,DC=Fabrikam,DC=com as a template for another OU.
-Uses the data from the OrganizationalUnit 'OU=UserAccounts,DC=Fabrikam,DC=com' as a template for another new OrganizationalUnit.
+### Example 5: Create an OU in an AD LDS instance
-### -------------------------- EXAMPLE 5 --------------------------
```
-C:\PS>New-ADOrganizationalUnit -name "Managed" -path "DC=AppNC" -server "FABRIKAM-SRV1:60000"
+PS C:\> New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
```
-Description
-
------------
-
-Creates a new OrganizationalUnit named 'Managed' in an LDS instance.
+This command creates an OU named Managed in an AD LDS instance.
## PARAMETERS
### -AuthType
+
Specifies the authentication method to use.
-Possible values for this parameter include:
-Negotiate or 0
+The acceptable values for this parameter are:
-Basic or 1
+- Negotiate or 0
+- Basic or 1
The default authentication method is Negotiate.
A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.
-The following example shows how to set this parameter to Basic.
-
--AuthType Basic
-
```yaml
Type: ADAuthType
Parameter Sets: (All)
@@ -131,13 +117,10 @@ Accept wildcard characters: False
```
### -City
-Specifies the user's town or city.
-This parameter sets the City property of a user.
-The LDAP display name (ldapDisplayName) of this property is "l".
-
-The following example shows how set this parameter.
--City "Las Vegas"
+Specifies the town or city.
+This parameter sets the **City** property of an OU object.
+The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is `l`.
```yaml
Type: String
@@ -152,6 +135,7 @@ Accept wildcard characters: False
```
### -Confirm
+
Prompts you for confirmation before running the cmdlet.
```yaml
@@ -167,14 +151,11 @@ Accept wildcard characters: False
```
### -Country
-Specifies the country or region code for the user's language of choice.
-This parameter sets the Country property of a user object.
-The LDAP Display Name (ldapDisplayName) of this property is "c".
-This value is not used by Windows 2000.
-The following example shows how set this parameter.
-
--Country "IN"
+Specifies the country or region code.
+This parameter sets the **Country** property of an OU object.
+The LDAP display name (**ldapDisplayName**) of this property is `c`.
+This value is not used by Windows 2000.
```yaml
Type: String
@@ -189,21 +170,16 @@ Accept wildcard characters: False
```
### -Credential
+
Specifies the user account credentials to use to perform this task.
The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive.
If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
-To specify this parameter, you can type a user name, such as "User1" or "Domain01\User01" or you can specify a PSCredential object.
+To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object.
If you specify a user name for this parameter, the cmdlet prompts for a password.
-You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet.
-You can then set the Credential parameter to the PSCredential object The following example shows how to create credentials.
-
-$AdminCredentials = Get-Credential "Domain01\User01"
-
-The following shows how to set the Credential parameter to these credentials.
-
--Credential $AdminCredentials
+You can also create a **PSCredential** object by using a script or by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet.
+You can then set the *Credential* parameter to the **PSCredential** object.
If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.
@@ -220,13 +196,10 @@ Accept wildcard characters: False
```
### -Description
-Specifies a description of the object.
-This parameter sets the value of the Description property for the object.
-The LDAP Display Name (ldapDisplayName) for this property is "description".
-
-The following example shows how to set this parameter to a sample description.
--Description "Description of the object"
+Specifies a description of the object.
+This parameter sets the value of the **Description** property for the OU object.
+The LDAP display name (**ldapDisplayName**) for this property is `description`.
```yaml
Type: String
@@ -241,13 +214,10 @@ Accept wildcard characters: False
```
### -DisplayName
-Specifies the display name of the object.
-This parameter sets the DisplayName property of the object.
-The LDAP Display Name (ldapDisplayName) for this property is "displayName".
-The following example shows how to set this parameter.
-
--DisplayName "Sara Davis Laptop"
+Specifies the display name of the object.
+This parameter sets the **DisplayName** property of the OU object.
+The LDAP display name (**ldapDisplayName**) for this property is `displayName`.
```yaml
Type: String
@@ -262,30 +232,27 @@ Accept wildcard characters: False
```
### -Instance
-Specifies an instance of an organizational unit object to use as a template for a new organizational unit object.
-
-You can use an instance of an existing organizational unit object as a template or you can construct a new organizational unit object by using the Windows PowerShell command line or by using a script.
-The following examples show how to use these two methods to create organizational unit object templates.
-
-Method 1: Use an existing organizational unit object as a template for a new object.
-To retrieve an instance of an existing organizational unit object use Get-ADOrganizationalUnit.
-Then provide this object to the Instance parameter of the New-ADOrganizationalUnit cmdlet to create a new organizational unit object.
-You can override property values of the new object by setting the appropriate parameters.
-$organizationalUnitInstance = Get-ADOrganizationalUnit -Identity accountingAsia
+Specifies an instance of an OU object to use as a template for a new OU object.
-New-ADOrganizationalUnit -Name accountingAustralia -Instance $OrganizationalUnitInstance -Country Australia
+You can use an instance of an existing OU object as a template or you can construct a new OU object by using the Windows PowerShell command line or by using a script.
-Method 2: Create a new ADOrganizationalUnit object and set the property values by using the Windows PowerShell command line interface.
-Then pass this object to the Instance parameter of the New-ADOrganizationalUnit cmdlet to create the new Active Directory organizational unit object.
+Method 1: Use an existing OU object as a template for a new object.
+To retrieve an instance of an existing OU object use Get-ADOrganizationalUnit.
+Then provide this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create a new OU object.
+You can override property values of the new object by setting the appropriate parameters.
-$OrganizationalUnitInstance = new-object Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+Method 2: Create a new **ADOrganizationalUnit** object and set the property values by using the Windows PowerShell command line interface.
+Then pass this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create the new Active Directory OU object.
+```powershell
+$OrganizationalUnitInstance = New-Object -ComObject Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
$OrganizationalUnitInstance.Country = Australia
+New-ADOrganizationalUnit -Name accountingAustralia -Instance $OrganizationalUnitInstance
+```
-New-ADOrganizationalUnit -Name accountingAustralia -Instance $OrganizationalUnitInstance
-
-Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set will raise an error.
+> [!NOTE]
+> Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
```yaml
Type: ADOrganizationalUnit
@@ -300,30 +267,17 @@ Accept wildcard characters: False
```
### -ManagedBy
-Specifies the user or group that manages the object by providing one of the following property values.
-Note: The identifier in parentheses is the LDAP display name for the property.
-
-Distinguished Name
-
-Example: CN=SaraDavis,OU=Europe,CN=Users,DC=corp,DC=contoso,DC=com
-
-GUID (objectGUID)
-
-Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
-
-Security Identifier (objectSid)
-
-Example: S-1-5-21-3165297888-301567370-576410423-1103
-SAM Account Name (sAMAccountName)
-
-Example: saradavis
-
-This parameter sets the Active Directory attribute with an LDAP Display Name of "managedBy".
+Specifies the user or group that manages the object by providing one of the following property values.
+Note: The identifier in parentheses is the LDAP display name for the property.
+The acceptable values for this parameter are:
-The following example shows how to specify this parameter.
+- A distinguished name
+- A GUID (objectGUID)
+- A security identifier (objectSid)
+- A SAM account name (sAMAccountName)
--ManagedBy ContosoAdmins
+This parameter sets the Active Directory attribute with an LDAP display name of `managedBy`.
```yaml
Type: ADPrincipal
@@ -338,13 +292,10 @@ Accept wildcard characters: False
```
### -Name
-Specifies the name of the object.
-This parameter sets the Name property of the Active Directory object.
-The LDAP Display Name (ldapDisplayName) of this property is "name".
-
-The following example shows how to set this parameter to a name string.
--Name "SaraDavis"
+Specifies the name of the object.
+This parameter sets the **Name** property of the OU object.
+The LDAP display name (**ldapDisplayName**) of this property is `name`.
```yaml
Type: String
@@ -359,35 +310,23 @@ Accept wildcard characters: False
```
### -OtherAttributes
+
Specifies object attribute values for attributes that are not represented by cmdlet parameters.
You can set one or more parameters at the same time with this parameter.
If an attribute takes more than one value, you can assign multiple values.
-To identify an attribute, specify the LDAPDisplayName (ldapDisplayName) defined for it in the Active Directory schema.
-
-Syntax:
+To identify an attribute, specify the LDAP display name (**ldapDisplayName**) defined for it in the Active Directory schema.
To specify a single value for an attribute:
--OtherAttributes @{'AttributeLDAPDisplayName'=value}
-
-To specify multiple values for an attribute
-
--OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}
+`-OtherAttributes @{'AttributeLDAPDisplayName'=value}`
-You can specify values for more than one attribute by using semicolons to separate attributes.
-The following syntax shows how to set values for multiple attributes:
+To specify multiple values for an attribute, separate the values with a comma:
--OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}
+`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}`
-The following examples show how to use this parameter.
+To specify values for multiple attributes, separate the attributes with a semi-colon:
-To set the value of a custom attribute called favColors that takes a set of Unicode strings, use the following syntax:
-
--OtherAttributes @{'favColors'="pink","purple"}
-
-To set values for favColors and dateOfBirth simultaneously, use the following syntax:
-
--OtherAttributes @{'favColors'="pink","purple"; 'dateOfBirth'=" 01/01/1960"}
+`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}`
```yaml
Type: Hashtable
@@ -402,9 +341,9 @@ Accept wildcard characters: False
```
### -PassThru
-Returns the new or modified object.
-By default (i.e.
-if -PassThru is not specified), this cmdlet does not generate any output.
+
+Returns an object representing the item with which you are working.
+By default, this cmdlet does not generate any output.
```yaml
Type: SwitchParameter
@@ -419,31 +358,33 @@ Accept wildcard characters: False
```
### -Path
-Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.
-In many cases, a default value will be used for the Path parameter if no value is specified.
-The rules for determining the default value are given below.
-Note that rules listed first are evaluated first and once a default value can be determined, no further rules will be evaluated.
+Specifies the X.500 path of the OU or container where the new object is created.
-In AD DS environments, a default value for Path will be set in the following cases:
+In many cases, a default value is used for the *Path* parameter if no value is specified.
+The rules for determining the default value are given below.
+Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated.
-- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container.
-- If none of the previous cases apply, the default value of Path will be set to the default partition or naming context of the target domain.
-
-In AD LDS environments, a default value for Path will be set in the following cases:
+In Active Directory Domain Services (AD DS) environments, a default value for *Path* is set in the following cases:
- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this will be used. For example: in New-ADUser, the Path parameter would default to the Users container.
-- If the target AD LDS instance has a default naming context, the default value of Path will be set to the default naming context. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.
-- If none of the previous cases apply, the Path parameter will not take any default value.
+- If the cmdlet has a default path, this is used.
+For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
+- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain.
-The following example shows how to set this parameter to an OU.
+In AD LDS environments, a default value for *Path* is set in the following cases:
--Path "ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com"
+- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used.
+For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
+- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context.
+ To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
+- If none of the previous cases apply, the *Path* parameter does not take any default value.
-Note: The Active Directory Provider cmdlets, such New-Item, Remove-Item, Remove-ItemProperty, Rename-Item and Set-ItemProperty also contain a Path property.
-However, for the provider cmdlets, the Path parameter identifies the path of the actual object and not the container as with the Active Directory cmdlets.
+> [!NOTE]
+> The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property.
+>
+> However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container.
```yaml
Type: String
@@ -458,13 +399,10 @@ Accept wildcard characters: False
```
### -PostalCode
-Specifies the user's postal code or zip code.
-This parameter sets the PostalCode property of a user.
-The LDAP Display Name (ldapDisplayName) of this property is "postalCode".
-
-The following example shows how to set this parameter.
--PostalCode "28712"
+Specifies the postal code or zip code.
+This parameter sets the **PostalCode** property of an OU object.
+The LDAP display name (**ldapDisplayName**) of this property is `postalCode`.
```yaml
Type: String
@@ -479,17 +417,13 @@ Accept wildcard characters: False
```
### -ProtectedFromAccidentalDeletion
-Specifies whether to prevent the object from being deleted.
-When this property is set to true, you cannot delete the corresponding object without changing the value of the property.
-Possible values for this parameter include:
-
-$false or 0
-
-$true or 1
-The following example shows how to set this parameter to true.
+Indicates whether to prevent the object from being deleted.
+When this property is set to $True, you cannot delete the corresponding object without changing the value of the property.
+The acceptable values for this parameter are:
--ProtectedFromAccidentalDeletion $true
+- $False or 0
+- $True or 1
```yaml
Type: Boolean
@@ -504,44 +438,28 @@ Accept wildcard characters: False
```
### -Server
-Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
-The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.
-Domain name values:
-
-Fully qualified domain name
+Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
+The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance.
-Examples: corp.contoso.com
+Specify the AD DS instance in one of the following ways:
-NetBIOS name
+Domain name values:
-Example: CORP
+- Fully qualified domain name
+- NetBIOS name
Directory server values:
-Fully qualified directory server name
-
-Example: corp-DC12.corp.contoso.com
-
-NetBIOS name
-
-Example: corp-DC12
-
-Fully qualified directory server name and port
-
-Example: corp-DC12.corp.contoso.com:3268
-
-The default value for the Server parameter is determined by one of the following methods in the order that they are listed:
-
--By using Server value from objects passed through the pipeline.
+- Fully qualified directory server name
+- NetBIOS name
+- Fully qualified directory server name and port
--By using the server information associated with the Active Directory PowerShell provider drive, when running under that drive.
+The default value for this parameter is determined by one of the following methods in the order that they are listed:
--By using the domain of the computer running Powershell.
-
-The following example shows how to specify a full qualified domain name as the parameter value.
-
--Server "corp.contoso.com"
+- By using the *Server* value from objects passed through the pipeline
+- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive
+- By using the domain of the computer running Windows PowerShell
```yaml
Type: String
@@ -556,13 +474,10 @@ Accept wildcard characters: False
```
### -State
-Specifies the user's or Organizational Unit's state or province.
-This parameter sets the State property of a User or Organizational Unit object.
-The LDAP display name (ldapDisplayName) of this property is "st".
-
-The following example shows how set this parameter.
--State "Nevada"
+Specifies a state or province.
+This parameter sets the **State** property of an OU object.
+The LDAP display name (**ldapDisplayName**) of this property is `st`.
```yaml
Type: String
@@ -577,13 +492,10 @@ Accept wildcard characters: False
```
### -StreetAddress
-Specifies the organizational unit's street address.
-This parameter sets the StreetAddress property of a organizational unit object.
-The LDAP display name (ldapDisplayName) of this property is "street".
-The following example shows how to set this parameter.
-
--StreetAddress "1200 Main Street"
+Specifies a street address.
+This parameter sets the **StreetAddress** property of an OU object.
+The LDAP display name (**ldapDisplayName**) of this property is `street`.
```yaml
Type: String
@@ -598,6 +510,7 @@ Accept wildcard characters: False
```
### -WhatIf
+
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
@@ -614,23 +527,26 @@ Accept wildcard characters: False
```
### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
+
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
-An organizational unit object that is a template for the new organizational unit object is received by the Instance parameter.
+
+An OU object that is a template for the new OU object is received by the **Instance** parameter.
## OUTPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
-Returns the new organizational unit object when the PassThru parameter is specified.
+
+Returns the new OU object when the **PassThru** parameter is specified.
By default, this cmdlet does not generate any output.
## NOTES
-* This cmdlet does not work with an Active Directory Snapshot.
- This cmdlet does not work with a read-only domain controller.
+- This cmdlet does not work with an Active Directory Snapshot.
+- This cmdlet does not work with a read-only domain controller.
## RELATED LINKS
@@ -639,4 +555,3 @@ By default, this cmdlet does not generate any output.
[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md)
[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md)
-
diff --git a/docset/winserver2012-ps/hyper-v/Get-VMNetworkAdapter.md b/docset/winserver2012-ps/hyper-v/Get-VMNetworkAdapter.md
index 60498ae978..4e144f39b5 100644
--- a/docset/winserver2012-ps/hyper-v/Get-VMNetworkAdapter.md
+++ b/docset/winserver2012-ps/hyper-v/Get-VMNetworkAdapter.md
@@ -132,7 +132,7 @@ Accept wildcard characters: False
### -VM
Specifies the virtual machine whose virtual network adapters are to be retrieved.
-. The asterisk, "*", is the wildcard.
+The asterisk, "*", is the wildcard.
If it is specified the cmdlet returns virtual network adapters from every virtual machine in the system.
```yaml
diff --git a/docset/winserver2012-ps/pki/Import-Certificate.md b/docset/winserver2012-ps/pki/Import-Certificate.md
index 33606d434b..1d80abf1ba 100644
--- a/docset/winserver2012-ps/pki/Import-Certificate.md
+++ b/docset/winserver2012-ps/pki/Import-Certificate.md
@@ -80,6 +80,8 @@ Accept wildcard characters: False
Specifies the path to a certificate file to be imported.
Acceptable formats include .sst, .p7b, and .cert files.
If the file contains multiple certificates, then each certificate will be imported to the destination store.
+The file must be in .sst format to import multiple certificates;
+otherwise, only the first certificate in the file will be imported.
```yaml
Type: String
diff --git a/docset/winserver2012r2-ps/activedirectory/About/About.md b/docset/winserver2012r2-ps/activedirectory/About/About.md
new file mode 100644
index 0000000000..449df28850
--- /dev/null
+++ b/docset/winserver2012r2-ps/activedirectory/About/About.md
@@ -0,0 +1,26 @@
+---
+description: About articles for the ActiveDirectory module.
+Help Version: 3.1.0.0
+Locale: en-US
+ms.date: 07/03/2024
+title: About articles
+---
+# About topics
+
+## Description
+
+About topics cover a range of concepts about PowerShell.
+
+## About Topics
+
+### [about_ActiveDirectory](about_ActiveDirectory.md)
+The Active Directory module is a command line interface for managing Active Directory.
+
+### [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md)
+Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+
+### [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md)
+The Active Directory module for Windows PowerShell objects have a range of identifying attributes that are used for search and retrieval.
+
+### [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md)
+Describes the object model of the Active Directory module for Windows PowerShell.
diff --git a/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory.md b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory.md
new file mode 100644
index 0000000000..1b7183dcd2
--- /dev/null
+++ b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory.md
@@ -0,0 +1,81 @@
+---
+title: about_ActiveDirectory
+ms.date: 04/22/2013
+description: The Active Directory module is a command line interface for managing Active Directory.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory
+
+## SHORT DESCRIPTION
+
+The Active Directory module is a command line interface for managing Active
+Directory.
+
+## LONG DESCRIPTION
+
+The Active Directory module for Windows PowerShell is for IT Professionals who
+are administering and interfacing with Active Directory. The Active Directory
+module provides an efficient way to complete many administrative,
+configuration, and diagnostic tasks across Active Directory Domain Services (AD
+DS) and Active Directory Lightweight Directory Services (AD LDS) instances in
+their environments. The Active Directory module includes a set of Windows
+PowerShell cmdlets and a provider. The provider exposes the Active Directory
+database through a hierarchical navigation system, which is very similar to the
+file system. As with drives in a file system, such as C:, you can connect
+Windows PowerShell drives to Active Directory domains and AD LDS, as well as
+Active Directory snapshots.
+
+### Coverage of Active Directory Module Cmdlets
+
+Create, Read, Update, and Delete actions are supported for Active Directory
+objects by cmdlets such as `New-ADUser`, `Get-ADOrganizationalUnit`,
+`Set-ADComputer`, and `Remove-ADUser`.
+
+Account and Password Policy Management are supported by cmdlets such as
+`Enable-ADAccount`, `Unlock-ADAccount`, `New-ADServiceAccount`,
+`Set-ADAccountControl`, and `Remove-ADFineGrainedPasswordPolicy`.
+
+Domain and Forest Management is supported by cmdlets such as `Get-ADForest`,
+`Set-ADForest`, `Set-ADForestMode`, `Enable-ADOptionalFeature`,
+`Get-ADDomainController`, and `Get-ADDomain`.
+
+### Listing the Active Directory Module Cmdlets
+
+To get a list of all of the Active Directory module cmdlets, run
+
+```powershell
+Get-Command -Module ActiveDirectory
+```
+
+### Getting Started
+
+Getting started with the Active Directory module for Windows PowerShell is as
+easy as clicking the following shortcut:
+
+Run the following command in any Windows PowerShell prompt to import the Active
+Directory module:
+
+```powershell
+Import-Module ActiveDirectory
+```
+
+### Overview and Conceptual Topics
+
+The first two of these topics offer a high level overview of the Active
+Directory module and the Active Directory Provider.
+
+- For a brief introduction to the Active Directory provider for Windows
+ PowerShell, see [ActiveDirectory](/powershell/module/activedirectory).
+- The following topics are conceptual support topics for the Active Directory
+ module cmdlets.
+ - For an introduction to the **Identity** parameter, which is used by the
+ Active Directory module cmdlets to identify objects in the directory, see
+ [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md).
+ - For an introduction to the **Filter** parameter which is used by Active
+ Directory module cmdlets to search for objects in the directory, see
+ [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md).
+ - For an introduction to the .NET Framework-based object model implemented by
+ the Active Directory module, see
+ [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
diff --git a/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_Filter.md b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_Filter.md
new file mode 100644
index 0000000000..23a83c0a0a
--- /dev/null
+++ b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_Filter.md
@@ -0,0 +1,351 @@
+---
+title: about_ActiveDirectory_Filter
+ms.date: 04/22/2013
+description: Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Filter
+
+## SHORT DESCRIPTION
+
+Describes the syntax and behavior of the search filter supported by the Active
+Directory module for Windows PowerShell.
+
+## LONG DESCRIPTION
+
+Most get-AD* Active Directory module cmdlets use the Filter parameter to search
+for objects. The Filter parameter has been implemented to replace the function
+of the LDAP Filter and adds support for PowerShell variables, rich data types,
+improved error checking and an Active Directory extended form of the PowerShell
+Expression Language.
+
+
+- Support for LDAP Filter Syntax
+
+ The LDAP filter syntax is supported through the **LDAPFilter** parameter. You
+ will find LDAP filter examples along with the new Active Directory module
+ filter examples in the Filter Examples section of this topic.
+
+
+- Search Breadth and Depth
+
+ The breadth and depth of your filter-driven search can be modified by two
+ Active Directory module cmdlet parameters: **SearchBase** and **SearchScope**.
+
+ When within the context of the Active Directory provider, if the
+ **Searchbase** parameter is not specified, **SearchBase** will default to the
+ current path. When not running under the Active Directory provider, the
+ **SearchBase** will default to the server's **DefaultNamingContext**.
+
+ The **SearchScope** parameter defaults to the value `Subtree`, of the
+ enumerated type **ADSearchScope**.
+
+ For more information, see the **SearchBase** and **SearchScope** parameter
+ descriptions on any `Get-AD*` cmdlet.
+
+- Search Result Behavior
+
+ The behavior of the Active Directory module when returning results of a
+ search is modified by two cmdlet parameters: **ResultPageSize** and
+ **ResultSetSize**.
+
+ **ResultSetSize** controls the maximum number of returned objects.
+
+ **ResultPageSize** specifies the maximum number of objects for each returned
+ page of information.
+
+ See the **ResultPageSize** and **ResultSetSize** parameter descriptions on
+ any `Get-AD*` cmdlet for more information.
+
+
+- Timeout Behavior
+
+ The following statements specify timeout conditions within the Active
+ Directory module and describe what can be done about a timeout them.
+
+ The default Active Directory module timeout for all operations is 2
+ minutes.
+
+ For search operation, the Active Directory module uses paging control
+ with a 2-minute timeout for each page search.
+
+ > [!NOTE]
+ > Because a search may involve multiple server page requests the overall
+ > search time may exceed 2 minutes.
+
+ A **TimeoutException** error indicates that a timeout has occurred.
+
+ For a search operation, you can choose to use a smaller page size, set with
+ the **ResultPageSize** parameter, if you are getting a **TimeoutException**
+ error.
+
+ If after trying these changes you are still getting a **TimeoutException**
+ error, consider optimizing your filter using the guidance in the
+ Optimizing Filters section of this topic.
+
+
+- Optimizing Filters
+
+ You can enhance the search filter behavior by using these guidelines.
+
+ - Avoid using the **Recursive** parameter as it intensifies resource usage of
+ the search operation.
+ - Avoid using bitwise AND operators and bitwise OR operators. For more
+ information, see the Supported Operators section of this topic.
+ - Avoid using the logical NOT operator.
+ - Break down your search into multiple queries with narrower conditions.
+
+ For a full description of filter syntax and usage, see the Filter Syntax
+ section of this topic.
+
+
+## Filter Examples
+
+The following section shows many examples of filter use in common queries.
+
+### Example 1 - Get all entries:
+
+- LDAP Filter Equivalent: `(objectClass=*)`
+
+```powershell
+Get-ADObject -Filter 'ObjectClass -like "*"'
+```
+
+### Example 2 - Get entries containing "bob" somewhere in the common name
+
+- LDAP Filter Equivalent: `(cn=*bob*)`
+
+```powershell
+Get-ADObject -Filter 'CN -like "*bob*"'
+```
+
+### Example 3 - Get entries with a bad password count greater than five
+
+- LDAP Filter Equivalent: `(&(!badpwdcount<=5)(badpwdcount=*))`
+
+```powershell
+Get-ADUser -Filter 'badpwdcount -ge 5'
+```
+
+### Example 4 - Get all users with an e-mail attribute
+
+- LDAP Filter Equivalent: `(&(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -filter 'email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADObject -filter 'email -like "*" -and ObjectClass -eq "user"'
+```
+
+### Example 5 - Get all user entries with an e-mail attribute and a surname equal to "smith":
+
+- LDAP Filter Equivalent: `(&(sn=smith)(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and SurName -eq "smith"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and sn -eq "smith"'
+```
+
+
+### Example 6 - Get all user entries with a common name that starts with "andy" and users with a common name of "steve" or "margaret"
+
+- LDAP Filter Equivalent: `(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))`
+
+```powershell
+Get-ADUser -Filter 'CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret"'
+```
+
+
+This example demonstrates a more complex logic and the use of precedence
+control via parenthesis.
+
+```powershell
+Get-ADObject -Filter 'objectClass -eq "user" -and (CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret")'
+```
+
+### Example 7 - Get all entries without an e-mail attribute
+
+- LDAP Filter Equivalent: `(!(email=*))`
+
+```powershell
+Get-ADUser -Filter '-not Email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -notlike "*"'
+```
+
+### Example 8 - Get all users who did not logon since January 1, 2007
+
+- LDAP Filter Equivalent: `(&(lastlogon<=X)(objectClass=user))` where X is
+ number of 100-nanosecond slices since Jan 1st 1601
+
+```powershell
+$date = new-object System.DateTime -ArgumentList @(2007,1,1,0,0,0)
+Get-ADUser -Filter '-not LastLogon -le $date'
+```
+
+### Example 9 - Get all users who have logged on in the last 5 days
+
+- LDAP Filter Equivalent:
+
+ ```
+ (&(lastLogon>=128812906535515110)
+ (objectClass=user)(!(objectClass=computer)))
+ ```
+
+```powershell
+$date = (get-date) - (new-timespan -days 5)
+Get-ADUser -Filter 'lastLogon -gt $date'
+```
+
+### Example 10 - Search for group objects that have the ADS_GROUP_TYPE_SECURITY_ENABLED flag set
+
+- LDAP Filter Equivalent:
+ `(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))`
+
+The following example query string searches for group objects that have the
+ADS_GROUP_TYPE_SECURITY_ENABLED flag set. Be aware that the decimal value of
+ADS_GROUP_TYPE_SECURITY_ENABLED (0x80000000 = 2147483648) is used for the
+comparison value.
+
+```powershell
+Get-ADGroup -filter 'groupType -band 0x80000000'
+```
+
+### Example 11 - Search the ancestry of an object
+
+- LDAP Filter Equivalent:
+ `(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x)))`
+
+The LDAP_MATCHING_RULE_IN_CHAIN is a matching rule OID that is designed to
+provide a method to look up the ancestry of an object. Many applications using
+Active Directory and AD LDS usually work with hierarchical data, which is
+ordered by parent-child relationships. Previously, applications performed
+transitive group expansion to figure out group membership, which used a lot of
+network bandwidth. Applications made multiple round-trips to figure out if an
+object fell "in the chain" if a link were traversed through to the end.
+
+An example of such a query is one designed to check if a user, "user1" is a
+member of group "group1". "user1" may not be a direct member of group1. It
+could be a member of some other group, which is a member of "group1".
+
+You would set the base to the user DN and the scope to base, and use the query:
+
+```powershell
+Get-ADUser -Filter 'memberOf -RecursiveMatch "CN=Administrators, CN=Builtin,DC=Fabrikam,DC=com"' -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"
+```
+
+## Filter Syntax
+
+The following syntax descriptions use Backus-Naur form to show the PowerShell
+Expression Language for the Filter parameter.
+
+```Syntax
+ ::= "{" "}"
+
+ ::= |
+ |
+
+
+ ::= |
+ "(" ")"
+
+ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt" |
+ "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" |
+ "-notlike"
+
+ ::= "-and" | "-or"
+
+ ::= "-not"
+
+ ::= |
+
+::= < this value will be compared to the object data for
+ attribute using the specified filter operator
+```
+
+
+## Supported Operators
+
+The following table shows frequently used search filter operators.
+
+| Operator | Description | LDAP Equivalent |
+| ----------------- | -------------------------------------- | -------------------------- |
+| `-eq` | Equal to. Wildcards not supported. | = |
+| `-ne` | Not equal to. Wildcards not supported. | !x = y |
+| `-approx` | Approximately equal to | ~= |
+| `-le` | Lexicographically less than | <= |
+| | or equal to | |
+| `-lt` | Lexicographically less than | !x >= y |
+| `-ge` | Lexicographically greater | >= |
+| | than or equal to | |
+| `-gt` | Lexicographically greater than | !x <= y |
+| | | |
+| `-and` | AND | & |
+| `-or` | OR | |
+| `-not` | NOT | ! |
+| `-bor` | Bitwise OR | :1.2.840.113556.1.4.804:= |
+| `-band` | Bitwise AND | :1.2.840.113556.1.4.803:= |
+| `-recursivematch` | Use LDAP_MATCHING_RULE_IN_CHAIN | :1.2.840.113556.1.4.1941:= |
+| `-like` | Similar to `-eq` and supports | = |
+| | wildcard comparison. The only | |
+| | wildcard character supported is: `*` | |
+| `-notlike` | Not like. Supports wild | !x = y |
+| | card comparison. | |
+
+> [!NOTE]
+> PowerShell wildcards, other than "*", such as "?" are not supported by the
+> **Filter** parameter syntax.
+
+### Operator Precedence
+
+The following listing shows the precedence of operators for filters from
+highest to lowest.
+
+- Highest precedence: `-eq`, `-ge`, `-le`, `-approx`, `-band`, `-bor`,
+ `-recursivematch`, `-ne`, `-like`, `-not`, `-and`
+- Lowest precedence: `-or`
+
+### Special Characters
+
+The following escape sequence should be used for specifying special characters
+in AD Filter STRING data, that is, data enclosed in double or single quotes.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | --------------------------------------------------- |
+| `"` | `` `" `` (This escape sequence is only required if |
+| | STRING data is enclosed in double quotes.) |
+| `'` | `''` (This escape sequence is only required if |
+| | STRING data is enclosed in single quotes.) |
+| NUL | `\00` (This is a standard LDAP escape sequence.) |
+| `\` | `\5c` (This is a standard LDAP escape sequence.) |
+
+### LDAP Special Characters
+
+ADFilter parser will automatically convert all the below characters found in
+STRING data, that is data enclosed in " " or ' ' to their LDAP escape sequence.
+End users need not know about these LDAP escape sequence.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | ----------------------------------------------- |
+| `*` | `\2a` (Character `*` will only be converted in |
+| | -eq and -ne comparisons Users should use |
+| | -like and -notlike operators for wildcard |
+| | comparison.) |
+| `(` | `\28` |
+| `)` | `\29` |
+| `/` | `\2f` |
diff --git a/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_Identity.md b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_Identity.md
new file mode 100644
index 0000000000..c007277b19
--- /dev/null
+++ b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_Identity.md
@@ -0,0 +1,196 @@
+---
+title: about_ActiveDirectory_Identity
+ms.date: 04/22/2013
+description: This article lists the identifying attributes that are used for search and retrieval supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Identity
+
+## SHORT DESCRIPTION
+
+The Active Directory module for Windows PowerShell objects have a range of
+identifying attributes that are used for search and retrieval.
+
+## LONG DESCRIPTION
+
+In order to identify the objects in Active Directory, each object has
+attributes that can be used as identifiers. In the Active Directory module, the
+value of the identity of an object can be passed using the Identity parameter.
+Each object type has its own set of possible types and values for use by the
+Identity parameter. See the detailed description of the Identity parameter of
+the given cmdlet for more information about its usage.
+
+When searching with the Active Directory module cmdlets, the value of the
+Identity parameter, along with the values of the Server and Partition
+parameters, is used to uniquely identify a single object. The Server parameter
+is used to locate which server to connect with. The Partition parameter further
+narrows the search to a specific partition. The Identity parameter then
+resolves to a single unique object in the partition.
+
+Note that using the Security Accounts Manager (SAM) Account Name
+(**sAMAccountName**) when targeting a global catalog port, you will not find a
+user in a different domain if you are using the Identity parameter
+
+If more than one object is found using identity resolution, the Active
+Directory module throws an error.
+
+For more information about the Server and Partition parameters, see the help
+topics for the individual cmdlets where they are used, such as `Get-ADUser`, by
+typing:
+
+```powershell
+Get-Help Get-ADUser
+```
+
+### Objects and Identities
+
+Each object has a list of attributes that can be used as an identity for that
+object. Additionally, if the object inherits from another object, then the
+parent object's identities can also be used as the child object's identities.
+For more information on the Active Directory object hierarchy, see
+[about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
+
+> [!NOTE]
+> For Active Directory Provider cmdlets, only an object's 'Distinguished Name'
+> or 'Relative Distinguished Name' can be used as the identity. For a list of
+> Active Directory Provider cmdlets, see ActiveDirectory.
+
+### Identity Attributes
+
+The following is a list of identity attributes by object type.
+
+- ADAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADComputer
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager Account Name (sAMAccountName)
+
+- ADDirectoryServer
+ - Name of the server object (name)
+ - For AD LDS instances the syntax of a name is `$`
+ - For other Active Directory instances, use the value of the name property.
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the directory
+ server.
+ - GUID (objectGUID) of server object under the configuration partition.
+ - GUID (objectGUID) of NTDS settings object under the configuration partition
+
+- ADDomain
+ - Distinguished Name
+ - GUID
+ - Security Identifier
+ - DNS domain name
+ - NetBIOS domain name
+
+- ADDomainController
+ - GUID (objectGUID)
+ - IPV4Address
+ - Global IPV6Address
+ - DNS Host Name (dNSHostName)
+ - Name of the server object
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the domain controller
+ - GUID of NTDS settings object under the configuration partition
+ - GUID of server object under the configuration partition
+ - Distinguished Name of the computer object that represents the domain controller.
+
+- ADFineGrainedPasswordPolicy
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Name (name)
+
+- ADForest
+ - Fully qualified domain name
+ - DNS host name
+ - NetBIOS name
+
+- ADGroup
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager (SAM) Account Name (sAMAccountName)
+
+- ADObject
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADOptionalFeature
+ - Distinguished Name
+ - Name (name)
+ - Feature GUID (featureGUID)
+ - GUID (objectGUID)
+
+- ADOrganizationalUnit
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADPrincipal
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADServiceAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADUser
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM User Name (sAMUserName)
+
+
+### Identities Formats
+
+Active Directory module objects have a range of identity attributes. Below is a
+list of these, their types and formats.
+
+- Distinguished Name
+ - Example: CN=SaraDavis,CN=Europe,CN=Users, DC=corp,DC=contoso,DC=com
+
+- DNS domain name
+ - Example: redmond.corp.contoso.com
+
+- DNS Host Name (dNSHostName)
+ - Example: corp-DC01.corp.contoso.com
+
+- Feature GUID (featureGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- Fully qualified domain name
+ - Example: corp.contoso.com
+
+- Global IPV6Address
+ - Example: 2001:4898:0:fff:200:5efe:157.59.132.61
+
+- GUID (objectGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- IPV4Address
+ - Example:157.59.132.61
+
+- NetBIOS domain name
+ - Example: redmond
+
+- Name of the server object
+ - Example: corp-DC01$
+
+- SAM Account Name (sAMAccountName)
+ - Example: saradavisreports
+
+- Security Identifier (objectSid)
+ - Example: S-1-5-21-3165297888-301567370-576410423-1103
+
+- Name
+ - Example: Recycle Bin Feature
diff --git a/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
new file mode 100644
index 0000000000..8535a97464
--- /dev/null
+++ b/docset/winserver2012r2-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
@@ -0,0 +1,595 @@
+---
+title: about_ActiveDirectory_ObjectModel
+ms.date: 04/22/2013
+description: Describes the object model of the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_ObjectModel
+
+## SHORT DESCRIPTION
+Describes the object model of the Active Directory module for Windows
+PowerShell.
+
+## LONG DESCRIPTION
+
+This topic explains the Active Directory module classes and their properties
+used to model actual Active Directory attributes. It also outlines the class
+hierarchy constructed from its Active Directory counterpart. The object model
+establishes a data foundation for all the operations supported by Active
+Directory module cmdlets.
+
+### Class Hierarchy
+
+The following list shows the class hierarchy defined in the Active Directory
+module object model, with class inheritance implied by indentation. This
+inheritance model allows for Active Directory cmdlets to accept a range of
+object types as input. This means, for example, that the cmdlet
+Get-ADPrincipalGroupMembership can accept as input any of the following
+objects: ADGroup, ADAccount, ADComputer, ADServiceAccount or ADUser. This works
+because of the inheritance model and guarantees that an ADUser object has all
+of the properties of an ADPrincipal object.
+
+```
+ADEntity
+ ADRootDSE
+ ADObject
+ ADFineGrainedPasswordPolicy
+ ADOptionalFeature
+ ADOrganizationalUnit
+ ADPartition
+ ADDomain
+ ADPrincipal
+ ADAccount
+ ADComputer
+ ADServiceAccount
+ ADUser
+ ADGroup
+ ADDefaultDomainPasswordPolicy
+ ADForest
+ ADDirectoryServer
+ ADDomainController
+```
+
+### Active Directory Module Classes
+
+The following listing shows every Active Directory module class from the class
+hierarchy listing. Each class defines a set of properties, some of which are
+LDAP attributes that are retrieved by default and some are new properties
+created specifically for the Active Directory module. These new properties are
+derived from one or more LDAP attributes as outlined in the class listings.
+
+
+- ADEntity - The base level class from which all other classes are derived.
+ - ADRootDSE - Represents the rootDSE and is derived from ADEntity. An
+ ADRootDSE may contain the following properties in addition to those
+ inherited from its parent.
+ - ConfigurationNamingContext - A property of type System.String, derived
+ from the directory attribute ConfigurationNamingContext
+ - CurrentTime - A property of type System.DateTime, derived from the
+ directory attribute CurrentTime
+ - DefaultNamingContext - A property of type System.String, derived from the
+ directory attribute DefaultNamingContext
+ - DnsHostName - A property of type System.String, derived from the
+ directory attribute DnsHostName
+ - DomainControllerFunctionality - A property of type
+ ADDomainControllerMode, derived from the directory attribute
+ DomainControllerFunctionality
+ - DomainFunctionality - A property of type ADDomainMode, derived from the
+ directory attribute DomainFunctionality
+ - DsServiceName - A property of type System.String, derived from the
+ directory attribute DsServiceName
+ - ForestFunctionality - A property of type ADForestMode, derived from the
+ directory attribute ForestFunctionality
+ - GlobalCatalogReady - A property of type System.Boolean, derived from the
+ directory attribute GlobalCatalogReady
+ - HighestCommittedUSN - A property of type System.Long, derived from the
+ directory attribute HighestCommittedUSN
+ - LdapServiceName - A property of type System.String, derived from the
+ directory attribute LdapServiceName
+ - NamingContexts - A property of type System.String, derived from the
+ directory attribute NamingContexts
+ - RootDomainNamingContext - A property of type System.String, derived from
+ the directory attribute RootDomainNamingContext
+ - SchemaNamingContext - A property of type System.String, derived from the
+ directory attribute SchemaNamingContext
+ - ServerName - A property of type System.String, derived from the directory
+ attribute ServerName
+ - SubschemaSubentry - A property of type ADObject, derived from the
+ directory attribute SubschemaSubentry
+ - SupportedCapabilities - A property of type ADObjectIdentifier, derived
+ from the directory attribute SupportedCapabilities
+ - SupportedControl - A property of type ADObjectIdentifier, derived from
+ the directory attribute SupportedControl
+ - SupportedLDAPPolicies - A property of type System.String, derived from
+ the directory attribute SupportedLDAPPolicies
+ - SupportedLDAPVersion - A property of type System.Int, derived from the
+ directory attribute SupportedLDAPVersion
+ - SupportedRootDSEOperations - A property of type
+ ADPropertyValueCollection, derived from the directory attribute
+ SupportedRootDSEOperations
+ - SupportedSASLMechanisms - A property of type System.String, derived from
+ the directory attribute SupportedSASLMechanisms
+ - Syncronized - A property of type System.Boolean, derived from the
+ directory attribute IsSynchronized.
+ - ADObject - Represents any object in Active Directory and is derived from
+ ADEntity. An ADObject may contain the following properties in addition to
+ those inherited from its parent.
+ - CanonicalName - A property of type System.String, derived from the
+ directory attribute: canonicalName
+ - CN - A property of type System.String, derived from the directory
+ attribute: cn
+ - Created - A property of type System.DateTime, derived from the directory
+ attribute: createTimeStamp
+ - Deleted - A property of type System.Boolean, derived from the directory
+ attribute: isDeleted
+ - Description - A property of type System.String, derived from the
+ directory attribute: description
+ - DisplayName - A property of type System.String, derived from the
+ directory attribute: displayName
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LastKnownParent - A property of type System.String, derived from the
+ directory attribute: lastKnownParent
+ - Modified - A property of type System.DateTime, derived from the directory
+ attribute: modifyTimeStamp
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - ObjectCategory - A property of type System.String, derived from the
+ directory attribute: objectCategory
+ - ObjectClass - A property of type System.String, derived from the
+ directory attribute: objectClass
+ - ObjectGUID - A property of type System.Guid, derived from the directory
+ attribute: objectGUID
+ - ProtectedFromAccidentalDeletion - A property of type System.Boolean,
+ derived from the directory attributes: nTSecurityDescriptor,
+ sdRightsEffective, instanceType, isDeleted
+ - ADFineGrainedPasswordPolicy Represents a fine grained password policy
+ object; that is, an AD object of type msDS-PasswordSettings in AD DS and
+ is derived from ADObject. This class is not supported by AD LDS. An
+ ADFineGrainedPasswordPolicy may contain the following properties in
+ addition to those inherited from its parent.
+ - AppliesTo - A property of type System.String, derived from the
+ directory attribute: msDS-PSOAppliesTo
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: msDS-PasswordComplexityEnabled
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-LockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: msDS-LockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: msDS-LockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MaximumPasswordAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MinimumPasswordAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: msDS-MinimumPasswordLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from
+ the directory attribute: msDS-PasswordHistoryLength
+ - Precedence - A property of type System.Int32, derived from the
+ directory attribute: msDS-PasswordSettingsPrecedence
+ - ReversibleEncryptionEnabled - A property of type System.Boolean,
+ derived from the directory attribute:
+ msDS-PasswordReversibleEncryptionEnabled
+ - ADOptionalFeature Represents an optional feature, an Active Directory
+ object of type msDS-OptionalFeature, and is derived from ADObject. An
+ ADOptionalFeaturemay contain the following properties in addition to
+ those inherited from its parent.
+ - EnabledScopes - A property of type System.String, derived from the
+ directory attribute: msDS-EnabledFeatureBL
+ - FeatureGUID - A property of type System.Guid, derived from the
+ directory attribute: msDS-OptionalFeatureGUID
+ - FeatureScope - A property of type System.Int32, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - IsDisableable - A property of type System.Boolean, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - RequiredDomainMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADDomainMode, derived from the
+ directory attribute: msDS-RequiredDomainBehaviorVersion
+ - RequiredForestMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADForestMode, derived from the
+ directory attribute: msDS-RequiredForestBehaviorVersion
+ - ADOrganizationalUnit Represents an organizationalUnit (OU) object and is
+ derived from ADObject. An ADOrganizationalUnit may contain the following
+ properties in addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the directory
+ attribute: l
+ - Country - A property of type System.String, derived from the directory
+ attribute: c
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: gpLink. This property is not supported on
+ AD LDS.
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - State - A property of type System.String, derived from the directory
+ attribute: st
+ - StreetAddress - A property of type System.String, derived from the
+ directory attribute: street
+ - ADPartition - Represents a naming context, Configuration, Schema, Domain
+ or Application Partition(ND NC) and is derived from ADObject. This class
+ is not supported by AD LDS. An ADPartition may contain the following
+ properties in addition to those inherited from its parent.
+ - DeletedObjectsContainer - A property of type System.String, derived
+ from the directory attribute: DeletedObjectsContainer
+ - DNSRoot - A property of type System.String, derived from the directory
+ attribute: DNSRoot
+ - LostAndFoundContainer - A property of type System.String, derived from
+ the directory attribute: LostAndFoundContainer
+ - QuotasContainer - A property of type System.String, derived from the
+ directory attribute: QuotasContainer
+ - ReadOnlyReplicaDirectoryServers - A property of type System.String,
+ derived from the directory attribute: ReadOnlyReplicaDirectoryServers
+ - ReplicaDirectoryServers - A property of type System.String, derived
+ from the directory attribute: ReplicaDirectoryServers
+ - SubordinateReferences - A property of type System.String, derived from
+ the directory attribute: SubordinateReferences
+ - ADDomain - Represents a domain in AD DS or an instance in AD LDS; for
+ example, an Active Directory object of type domainDNS and is derived
+ from ADPartition. This class is not supported by AD LDS. An ADDomain
+ may contain the following properties in addition to those inherited
+ from its parent.
+ - AllowedDNSSuffixes - A property of type System.String, derived from
+ the directory attribute: msDS-AllowedDNSSuffixes
+ - ChildDomains - A property of type System.String, derived from the
+ directory attribute: ChildDomains
+ - ComputersContainer - A property of type System.String, derived from
+ the directory attribute: ComputersContainer
+ - DomainControllersContainer - A property of type System.String,
+ derived from the directory attribute: DomainControllersContainer
+ - DomainMode - A property of type System.Int32, derived from the
+ directory attribute: msDS-Behavior-Version
+ - DomainSID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - ForeignSecurityPrincipalsContainer - A property of type
+ System.String, derived from the directory attribute:
+ ForeignSecurityPrincipalsContainer
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - InfrastructureMaster - A property of type System.String, derived from
+ the directory attribute: InfrastructureMaster
+ - LastLogonReplicationInterval - A property of type System.TimeSpan,
+ derived from the directory attribute: msDS-LogonTimeSyncInterval
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: LinkedGroupPolicyObjects
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - NetBIOSName - A property of type System.String, derived from the
+ directory attribute: NetBIOSName
+ - ParentDomain - A property of type System.String, derived from the
+ directory attribute: ParentDomain
+ - PDCEmulator - A property of type System.String, derived from the
+ directory attribute: PDCEmulator
+ - RIDMaster - A property of type System.String, derived from the
+ directory attribute: RIDMaster
+ - SystemsContainer - A property of type System.String, derived from the
+ directory attribute: SystemsContainer
+ - UsersContainer - A property of type System.String, derived from the
+ directory attribute: UsersContainer
+ - ADPrincipal - Represents a security principal, which is an Active
+ Directory object of type user, computer, group or iNetOrgPerson and is
+ derived from ADObject. An ADPrincipal may contain the following
+ properties in addition to those inherited from its parent.
+ - HomePage - A property of type System.String, derived from the
+ directory attribute: wWWHomePage
+ - MemberOf - A property of type System.String, derived from the
+ directory attribute: memberOf
+ - SamAccountName - A property of type System.String, derived from the
+ directory attribute: sAMAccountName. This property is not supported
+ for AD LDS.
+ - SID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - SIDHistory - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: sIDHistory. This property is not supported for
+ AD LDS.
+ - ADAccount - Represents a security account; that is, an Active
+ Directory object of type user, computer or iNetOrgPerson and is
+ derived from ADPrincipal. An ADAccount may contain the following
+ properties in addition to those inherited from its parent.
+ - AccountExpirationDate - A property of type System.DateTime, derived
+ from the directory attribute: accountExpires
+ - AccountLockoutTime - A property of type System.DateTime, derived
+ from the directory attribute: lockoutTime
+ - AccountNotDelegated - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - AllowReversiblePasswordEncryption - A property of type
+ System.Boolean, for AD DS it is derived from the directory
+ attribute: userAccountControl; for AD LDS it is derived from the
+ directory attribute: ms-DS-UserEncryptedTextPasswordAllowed
+ - BadLogonCount - A property of type System.Int32, derived from the
+ directory attribute: badPwdCount
+ - CannotChangePassword - A property of type System.Boolean, derived
+ from the directory attribute: nTSecurityDescriptor
+ - Certificates - A property of type
+ System.Security.Cryptography.X509Certificates.X509Certificate,
+ derived from the directory attribute: userCertificate
+ - DoesNotRequirePreAuth - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - Enabled - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserAccountDisabled
+ - HomedirRequired - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - LastBadPasswordAttempt - A property of type System.DateTime,
+ derived from the directory attribute: badPasswordTime
+ - LastLogonDate - A property of type System.DateTime, derived from
+ the directory attribute: lastLogonTimestamp
+ - LockedOut - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed, lockoutTime; for AD LDS it is
+ derived from the directory attribute msDS-UserAccountDisabled
+ - MNSLogonAccount - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - PasswordExpired - A property of type System.Boolean, for AD DS it
+ is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserPasswordExpired
+ - PasswordLastSet - A property of type System.DateTime, derived from
+ the directory attribute: pwdLastSet
+ - PasswordNeverExpires - A property of type System.Boolean, for AD
+ LDS it is derived from the directory attributes:
+ userAccountControl, msDS-User-Account-Control-Computed; for AD LDS
+ it is derived from the directory attribute:
+ msDS-UserDontExpirePassword
+ - PasswordNotRequired - A property of type System.Boolean, for AD DS
+ it is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute: ms-DS-UserPasswordNotRequired
+ - PrimaryGroup - A property of type System.String, derived from the
+ directory attributes: primaryGroupID, objectSid. This property is
+ not supported by AD LDS.
+ - ServicePrincipalNames - A property of type System.String, derived
+ from the directory attribute: servicePrincipalName. This property
+ is not supported by AD LDS.
+ - TrustedForDelegation - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - TrustedToAuthForDelegation - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UseDESKeyOnly - A property of type System.Boolean, derived from the
+ directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UserPrincipalName - A property of type System.String, derived from
+ the directory attribute: userPrincipalName
+ - ADComputer - Represents a computer and is derived from ADAccount.
+ An ADComputer may contain the following properties in addition to
+ those inherited from its parent.
+ - DNSHostName - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - Location - A property of type System.String, derived from the
+ directory attribute: location
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - OperatingSystem - A property of type System.String, derived from
+ the directory attribute: operatingSystem
+ - OperatingSystemHotfix - A property of type System.String, derived
+ from the directory attribute: operatingSystemHotfix
+ - OperatingSystemServicePack - A property of type System.String,
+ derived from the directory attribute: operatingSystemServicePack
+ - OperatingSystemVersion - A property of type System.String,
+ derived from the directory attribute: operatingSystemVersion
+ - ServiceAccount - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccount
+ - ADServiceAccount - Represents a managed service account; that is,
+ an Active Directory object of type msDS-ManagerdServiceAccount and
+ is derived from ADAccount. This class is not supported by AD LDS.
+ An ADServiceAccount may contain the following properties in
+ addition to those inherited from its parent.
+ - HostComputers - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccountBL
+ - ADUser - Represents a user (or iNetOrgPerson) and is derived from
+ ADAccount. An ADUser may contain the following properties in
+ addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the
+ directory attribute: l
+ - Company - A property of type System.String, derived from the
+ directory attribute: company
+ - Country - A property of type System.String, derived from the
+ directory attribute: c
+ - Department - A property of type System.String, derived from the
+ directory attribute: department
+ - Division - A property of type System.String, derived from the
+ directory attribute: division
+ - EmailAddress - A property of type System.String, derived from the
+ directory attribute: mail
+ - EmployeeID - A property of type System.String, derived from the
+ directory attribute: employeeID
+ - EmployeeNumber - A property of type System.String, derived from
+ the directory attribute: employeeNumber
+ - Fax - A property of type System.String, derived from the
+ directory attribute: facsimileTelephoneNumber
+ - GivenName - A property of type System.String, derived from the
+ directory attribute: givenName
+ - HomeDirectory - A property of type System.String, derived from
+ the directory attribute: homeDirectory. This property is not
+ supported by AD LDS.
+ - HomeDrive - A property of type System.String, derived from the
+ directory attribute: homeDrive. This property is not supported by
+ AD LDS.
+ - HomePhone - A property of type System.String, derived from the
+ directory attribute: homePhone
+ - Initials - A property of type System.String, derived from the
+ directory attribute: initials
+ - LogonWorkstations - A property of type System.String, derived
+ from the directory attribute: userWorkstations. This property is
+ not supported by AD LDS.
+ - Manager - A property of type System.String, derived from the
+ directory attribute: manager
+ - MobilePhone - A property of type System.String, derived from the
+ directory attribute: mobile
+ - Office - A property of type System.String, derived from the
+ directory attribute: physicalDeliveryOfficeName
+ - OfficePhone - A property of type System.String, derived from the
+ directory attribute: telephoneNumber
+ - Organization - A property of type System.String, derived from the
+ directory attribute: o
+ - OtherName - A property of type System.String, derived from the
+ directory attribute: middleName
+ - POBox - A property of type System.String, derived from the
+ directory attribute: postOfficeBox
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - ProfilePath - A property of type System.String, derived from the
+ directory attribute: profilePath. This property is not supported
+ by AD LDS.
+ - ScriptPath - A property of type System.String, derived from the
+ directory attribute: scriptPath. This property is not supported
+ by AD LDS.
+ - SmartcardLogonRequired - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not
+ supported by AD LDS.
+ - State - A property of type System.String, derived from the
+ directory attribute: st
+ - StreetAddress - A property of type System.String, derived from
+ the directory attribute: streetAddress
+ - Surname - A property of type System.String, derived from the
+ directory attribute: sn
+ - Title - A property of type System.String, derived from the
+ directory attribute: title
+ - ADGroup -Represents a group and is derived from ADPrincipal. An
+ ADGroup may contain the following properties in addition to those
+ inherited from its parent.
+ - GroupCategory - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupCategory, derived from
+ the directory attribute: groupType
+ - GroupScope - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupScope, derived from the
+ directory attribute: groupType
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - Members - A property of type System.String, derived from the
+ directory attribute: member
+ - ADDefaultDomainPasswordPolicy - Represents the domain-wide password policy
+ of an Active Directory domain and is derived from ADEntity. This class is
+ not supported by AD LDS. An ADDefaultDomainPasswordPolicy may contain the
+ following properties in addition to those inherited from its parent.
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: pwdProperties
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: lockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: lockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: lockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: maxPwdAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: minPwdAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: minPwdLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from the
+ directory attribute: pwdHistoryLength
+ - ReversibleEncryptionEnabled - A property of type System.Boolean, derived
+ from the directory attribute: pwdProperties
+ - ADForest - Represents a Active Directory forest in AD DS or a Configuration
+ Set in AD LDS and is derived from ADEntity. This class is not supported by
+ AD LDS. An ADForest may contain the following properties in addition to
+ those inherited from its parent.
+ - ApplicationPartitions - A property of type System.String, derived from
+ the directory attribute: ApplicationPartitions
+ - CrossForestReferences - A property of type System.String, derived from
+ the directory attribute: CrossForestReferences
+ - DomainNamingMaster - A property of type System.String, derived from the
+ directory attribute: DomainNamingMaster
+ - Domains - A property of type System.String, derived from the directory
+ attribute: Domains
+ - ForestMode - A property of type System.Int32, derived from the directory
+ attribute: msDS-Behavior-Version
+ - GlobalCatalogs - A property of type System.String, derived from the
+ directory attribute: GlobalCatalogs
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - PartitionContainerName - A property of type System.String, derived from
+ the directory attribute: distinguishedName
+ - RootDomain - A property of type System.String, derived from the directory
+ attribute: RootDomain
+ - SchemaMaster - A property of type System.String, derived from the
+ directory attribute: SchemaMaster
+ - Sites - A property of type System.String, derived from the directory
+ attribute: Sites
+ - SPNSuffixes - A property of type System.String, derived from the
+ directory attribute: msDS-SPNSuffixes
+ - UPNSuffixes - A property of type System.String, derived from the
+ directory attribute: uPNSuffixes
+ - ADDirectoryServer - Represents a directory server used as either a domain
+ controller or an AD LDS instance and is derived from ADEntity. An
+ ADDirectoryServer may contain the following properties in addition to those
+ inherited from its parent.
+ - DefaultPartition - A property of type System.String, derived from the
+ directory attribute: DefaultPartition
+ - HostName - A property of type System.String, derived from the directory
+ attribute: HostName
+ - InvocationId - A property of type System.Guid, derived from the directory
+ attribute: InvocationId
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - LdapPort - A property of type System.Int32, derived from the directory
+ attribute: LdapPort
+ - Name - A property of type System.String, derived from the directory
+ attribute: Name
+ - NTDSSettingsObjectDN - A property of type System.String, derived from the
+ directory attribute: NTDSSettingsObjectDN
+ - OperationMasterRoles - A property of type
+ Microsoft.ActiveDirectory.Management.ADOperationMasterRole, derived from
+ the directory attribute: OperationMasterRole
+ - Partitions - A property of type System.String, derived from the directory
+ attribute: Partitions
+ - ServerObjectDN - A property of type System.String, derived from the
+ directory attribute: ServerObjectDN
+ - ServerObjectGuid - A property of type System.Guid, derived from the
+ directory attribute: ServerObjectGuid
+ - Site - A property of type System.String, derived from the directory
+ attribute: Site
+ - SslPort - A property of type System.Int32, derived from the directory
+ attribute: SslPort
+ - ADDomainController - Represents a domain controller in AD DS and is
+ derived from ADDirectoryServer. An ADDomainController may contain the
+ following properties in addition to those inherited from its parent.
+ - ComputerObjectDN - A property of type System.String, derived from the
+ directory attribute: ComputerDN
+ - Domain - A property of type System.String, derived from the directory
+ attribute: Domain
+ - Enabled - A property of type System.Boolean, derived from the directory
+ attribute: Enabled
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - IsGlobalCatalog - A property of type System.Boolean, derived from the
+ directory attribute: IsGlobalCatalog
+ - IsReadOnly - A property of type System.Boolean, derived from the
+ directory attribute: IsReadOnly
+ - OperatingSystem - A property of type System.String, derived from the
+ directory attribute: OSName
+ - OperatingSystemHotfix - A property of type System.String, derived from
+ the directory attribute: OSHotFix
+ - OperatingSystemServicePack - A property of type System.String, derived
+ from the directory attribute: OSServicepack
+ - OperatingSystemVersion - A property of type System.String, derived from
+ the directory attribute: OSVersion
diff --git a/docset/winserver2012r2-ps/activedirectory/New-ADOrganizationalUnit.md b/docset/winserver2012r2-ps/activedirectory/New-ADOrganizationalUnit.md
index c657d1078a..23ff4f046c 100644
--- a/docset/winserver2012r2-ps/activedirectory/New-ADOrganizationalUnit.md
+++ b/docset/winserver2012r2-ps/activedirectory/New-ADOrganizationalUnit.md
@@ -10,7 +10,8 @@ title: New-ADOrganizationalUnit
# New-ADOrganizationalUnit
## SYNOPSIS
-Creates an Active Directory organizational unit.
+
+Creates a new Active Directory organizational unit.
## SYNTAX
@@ -23,62 +24,68 @@ New-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-City New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
+PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
```
-This command creates an OU named UserAccounts that is protected from accidental deletion.
+This command creates an OU named UserAccounts that is protected from accidental deletion. Note that accidental protection is implicit.
### Example 2: Create an OU that is not protected from accidental deletion
+
```
-PS C:\>New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False
+PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False
```
This command creates an OU named UserAccounts that is not protected from accidental deletion.
### Example 3: Create an OU that is protected from accidental deletion
+
```
-PS C:\>New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"}
+PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"}
```
This command creates an OU named UserAccounts that is protected from accidental deletion.
The **seeAlso** and **managedBy** properties are set to specified values.
### Example 4: Create an OU from a template OU
+
```
-PS C:\>$OuTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy
+PS C:\> $OuTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy
PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate
```
This command uses the data from the OU OU=UserAccounts,DC=Fabrikam,DC=com as a template for another OU.
### Example 5: Create an OU in an AD LDS instance
+
```
-PS C:\>New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
+PS C:\> New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
```
This command creates an OU named Managed in an AD LDS instance.
@@ -86,7 +93,9 @@ This command creates an OU named Managed in an AD LDS instance.
## PARAMETERS
### -AuthType
+
Specifies the authentication method to use.
+
The acceptable values for this parameter are:
- Negotiate or 0
@@ -110,9 +119,10 @@ Accept wildcard characters: False
```
### -City
+
Specifies the town or city.
This parameter sets the **City** property of an OU object.
-The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is l.
+The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is `l`.
```yaml
Type: String
@@ -127,6 +137,7 @@ Accept wildcard characters: False
```
### -Confirm
+
Prompts you for confirmation before running the cmdlet.
```yaml
@@ -142,9 +153,10 @@ Accept wildcard characters: False
```
### -Country
+
Specifies the country or region code.
This parameter sets the **Country** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is c.
+The LDAP display name (**ldapDisplayName**) of this property is `c`.
This value is not used by Windows 2000.
```yaml
@@ -160,15 +172,16 @@ Accept wildcard characters: False
```
### -Credential
+
Specifies the user account credentials to use to perform this task.
The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive.
If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
-To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object.
+To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object.
If you specify a user name for this parameter, the cmdlet prompts for a password.
-You can also create a **PSCredential** object by using a script or by using the Get-Credentialhttp://go.microsoft.com/fwlink/?LinkID=293936 cmdlet.
-You can then set the **Credential** parameter to the **PSCredential** object.
+You can also create a **PSCredential** object by using a script or by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet.
+You can then set the *Credential* parameter to the **PSCredential** object.
If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.
@@ -185,9 +198,10 @@ Accept wildcard characters: False
```
### -Description
+
Specifies a description of the object.
This parameter sets the value of the **Description** property for the OU object.
-The LDAP display name (**ldapDisplayName**) for this property is description.
+The LDAP display name (**ldapDisplayName**) for this property is `description`.
```yaml
Type: String
@@ -202,9 +216,10 @@ Accept wildcard characters: False
```
### -DisplayName
+
Specifies the display name of the object.
This parameter sets the **DisplayName** property of the OU object.
-The LDAP display name (**ldapDisplayName**) for this property is displayName.
+The LDAP display name (**ldapDisplayName**) for this property is `displayName`.
```yaml
Type: String
@@ -219,19 +234,27 @@ Accept wildcard characters: False
```
### -Instance
+
Specifies an instance of an OU object to use as a template for a new OU object.
You can use an instance of an existing OU object as a template or you can construct a new OU object by using the Windows PowerShell command line or by using a script.
Method 1: Use an existing OU object as a template for a new object.
To retrieve an instance of an existing OU object use Get-ADOrganizationalUnit.
-Then provide this object to the **Instance** parameter of the **New-ADOrganizationalUnit** cmdlet to create a new OU object.
+Then provide this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create a new OU object.
You can override property values of the new object by setting the appropriate parameters.
Method 2: Create a new **ADOrganizationalUnit** object and set the property values by using the Windows PowerShell command line interface.
-Then pass this object to the **Instance** parameter of the **New-ADOrganizationalUnit** cmdlet to create the new Active Directory OU object.
+Then pass this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create the new Active Directory OU object.
-Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
+```powershell
+$OrganizationalUnitInstance = New-Object -ComObject Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+$OrganizationalUnitInstance.Country = Australia
+New-ADOrganizationalUnit -Name accountingAustralia -Instance $OrganizationalUnitInstance
+```
+
+> [!NOTE]
+> Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
```yaml
Type: ADOrganizationalUnit
@@ -246,16 +269,17 @@ Accept wildcard characters: False
```
### -ManagedBy
+
Specifies the user or group that manages the object by providing one of the following property values.
-Note: The identifier in parentheses is the LDAP display name for the property.
+Note: The identifier in parentheses is the LDAP display name for the property.
The acceptable values for this parameter are:
- A distinguished name
-- A GUID (objectGUID)
-- A security identifier (objectSid)
+- A GUID (objectGUID)
+- A security identifier (objectSid)
- A SAM account name (sAMAccountName)
-This parameter sets the Active Directory attribute with an LDAP display name of managedBy.
+This parameter sets the Active Directory attribute with an LDAP display name of `managedBy`.
```yaml
Type: ADPrincipal
@@ -270,9 +294,10 @@ Accept wildcard characters: False
```
### -Name
+
Specifies the name of the object.
This parameter sets the **Name** property of the OU object.
-The LDAP display name (**ldapDisplayName**) of this property is name.
+The LDAP display name (**ldapDisplayName**) of this property is `name`.
```yaml
Type: String
@@ -287,6 +312,7 @@ Accept wildcard characters: False
```
### -OtherAttributes
+
Specifies object attribute values for attributes that are not represented by cmdlet parameters.
You can set one or more parameters at the same time with this parameter.
If an attribute takes more than one value, you can assign multiple values.
@@ -296,11 +322,11 @@ To specify a single value for an attribute:
`-OtherAttributes @{'AttributeLDAPDisplayName'=value}`
-To specify multiple values for an attribute:
+To specify multiple values for an attribute, separate the values with a comma:
`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}`
-To specify values for multiple attributes:
+To specify values for multiple attributes, separate the attributes with a semi-colon:
`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}`
@@ -317,6 +343,7 @@ Accept wildcard characters: False
```
### -PassThru
+
Returns an object representing the item with which you are working.
By default, this cmdlet does not generate any output.
@@ -333,30 +360,33 @@ Accept wildcard characters: False
```
### -Path
+
Specifies the X.500 path of the OU or container where the new object is created.
-In many cases, a default value is used for the **Path** parameter if no value is specified.
+In many cases, a default value is used for the *Path* parameter if no value is specified.
The rules for determining the default value are given below.
Note that rules listed first are evaluated first and when a default value can be determined, no further rules are evaluated.
-In Active Directory Domain Services (AD DS) environments, a default value for **Path** is set in the following cases:
+In Active Directory Domain Services (AD DS) environments, a default value for *Path* is set in the following cases:
-- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this is used.
-For example: in New-ADUser, the **Path** parameter defaults to the Users container.
-- If none of the previous cases apply, the default value of **Path** is set to the default partition or naming context of the target domain.
+- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used.
+For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
+- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain.
-In AD LDS environments, a default value for **Path** is set in the following cases:
+In AD LDS environments, a default value for *Path* is set in the following cases:
-- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this is used.
-For example: in **New-ADUser**, the **Path** parameter defaults to the Users container.
-- If the target AD LDS instance has a default naming context, the default value of **Path** is set to the default naming context.
-To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
-- If none of the previous cases apply, the **Path** parameter does not take any default value.
+- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used.
+For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
+- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context.
+ To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
+- If none of the previous cases apply, the *Path* parameter does not take any default value.
-Note: The Active Directory Provider cmdlets, such **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty** also contain a **Path** property.
-However, for the Active Directory Provider cmdlets, the **Path** parameter identifies the path of the actual object rather than the container.
+> [!NOTE]
+> The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property.
+>
+> However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container.
```yaml
Type: String
@@ -371,9 +401,10 @@ Accept wildcard characters: False
```
### -PostalCode
+
Specifies the postal code or zip code.
This parameter sets the **PostalCode** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is postalCode.
+The LDAP display name (**ldapDisplayName**) of this property is `postalCode`.
```yaml
Type: String
@@ -388,8 +419,9 @@ Accept wildcard characters: False
```
### -ProtectedFromAccidentalDeletion
+
Indicates whether to prevent the object from being deleted.
-When this property is set to $True, you cannot delete the corresponding object without changing the value of the property.
+When this property is set to $True, you cannot delete the corresponding object without changing the value of the property.
The acceptable values for this parameter are:
- $False or 0
@@ -408,17 +440,18 @@ Accept wildcard characters: False
```
### -Server
+
Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance.
-Specify the AD DS instance in one of the following ways:
+Specify the AD DS instance in one of the following ways:
- Domain name values:
+Domain name values:
- Fully qualified domain name
- NetBIOS name
-Directory server values:
+Directory server values:
- Fully qualified directory server name
- NetBIOS name
@@ -426,7 +459,7 @@ Directory server values:
The default value for this parameter is determined by one of the following methods in the order that they are listed:
-- By using the **Server** value from objects passed through the pipeline
+- By using the *Server* value from objects passed through the pipeline
- By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive
- By using the domain of the computer running Windows PowerShell
@@ -443,9 +476,10 @@ Accept wildcard characters: False
```
### -State
+
Specifies a state or province.
This parameter sets the **State** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is st.
+The LDAP display name (**ldapDisplayName**) of this property is `st`.
```yaml
Type: String
@@ -460,9 +494,10 @@ Accept wildcard characters: False
```
### -StreetAddress
+
Specifies a street address.
This parameter sets the **StreetAddress** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is street.
+The LDAP display name (**ldapDisplayName**) of this property is `street`.
```yaml
Type: String
@@ -477,6 +512,7 @@ Accept wildcard characters: False
```
### -WhatIf
+
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
@@ -493,22 +529,26 @@ Accept wildcard characters: False
```
### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
+
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+
An OU object that is a template for the new OU object is received by the **Instance** parameter.
## OUTPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
-Returns the new OU object when the **PassThru** parameter is specified.
+
+Returns the new OU object when the **PassThru** parameter is specified.
By default, this cmdlet does not generate any output.
## NOTES
-* This cmdlet does not work with an Active Directory snapshot.
-* This cmdlet does not work with a read-only domain controller.
+
+- This cmdlet does not work with an Active Directory Snapshot.
+- This cmdlet does not work with a read-only domain controller.
## RELATED LINKS
@@ -517,4 +557,3 @@ By default, this cmdlet does not generate any output.
[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md)
[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md)
-
diff --git a/docset/winserver2012r2-ps/hyper-v/Get-VMNetworkAdapter.md b/docset/winserver2012r2-ps/hyper-v/Get-VMNetworkAdapter.md
index 88e0c19d8b..50aa2fb27b 100644
--- a/docset/winserver2012r2-ps/hyper-v/Get-VMNetworkAdapter.md
+++ b/docset/winserver2012r2-ps/hyper-v/Get-VMNetworkAdapter.md
@@ -167,7 +167,7 @@ Accept wildcard characters: False
### -VM
Specifies the virtual machine whose virtual network adapters are to be retrieved.
-. The asterisk, "*", is the wildcard.
+The asterisk, "*", is the wildcard.
If it is specified the cmdlet returns virtual network adapters from every virtual machine in the system.
```yaml
diff --git a/docset/winserver2012r2-ps/pki/Import-Certificate.md b/docset/winserver2012r2-ps/pki/Import-Certificate.md
index d685995200..3cf7eb42d6 100644
--- a/docset/winserver2012r2-ps/pki/Import-Certificate.md
+++ b/docset/winserver2012r2-ps/pki/Import-Certificate.md
@@ -82,6 +82,8 @@ Accept wildcard characters: False
Specifies the path to a certificate file to be imported.
Acceptable formats include .sst, .p7b, and .cert files.
If the file contains multiple certificates, then each certificate will be imported to the destination store.
+The file must be in .sst format to import multiple certificates;
+otherwise, only the first certificate in the file will be imported.
```yaml
Type: String
diff --git a/docset/winserver2016-ps/activedirectory/About/About.md b/docset/winserver2016-ps/activedirectory/About/About.md
new file mode 100644
index 0000000000..449df28850
--- /dev/null
+++ b/docset/winserver2016-ps/activedirectory/About/About.md
@@ -0,0 +1,26 @@
+---
+description: About articles for the ActiveDirectory module.
+Help Version: 3.1.0.0
+Locale: en-US
+ms.date: 07/03/2024
+title: About articles
+---
+# About topics
+
+## Description
+
+About topics cover a range of concepts about PowerShell.
+
+## About Topics
+
+### [about_ActiveDirectory](about_ActiveDirectory.md)
+The Active Directory module is a command line interface for managing Active Directory.
+
+### [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md)
+Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+
+### [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md)
+The Active Directory module for Windows PowerShell objects have a range of identifying attributes that are used for search and retrieval.
+
+### [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md)
+Describes the object model of the Active Directory module for Windows PowerShell.
diff --git a/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory.md b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory.md
new file mode 100644
index 0000000000..1b7183dcd2
--- /dev/null
+++ b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory.md
@@ -0,0 +1,81 @@
+---
+title: about_ActiveDirectory
+ms.date: 04/22/2013
+description: The Active Directory module is a command line interface for managing Active Directory.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory
+
+## SHORT DESCRIPTION
+
+The Active Directory module is a command line interface for managing Active
+Directory.
+
+## LONG DESCRIPTION
+
+The Active Directory module for Windows PowerShell is for IT Professionals who
+are administering and interfacing with Active Directory. The Active Directory
+module provides an efficient way to complete many administrative,
+configuration, and diagnostic tasks across Active Directory Domain Services (AD
+DS) and Active Directory Lightweight Directory Services (AD LDS) instances in
+their environments. The Active Directory module includes a set of Windows
+PowerShell cmdlets and a provider. The provider exposes the Active Directory
+database through a hierarchical navigation system, which is very similar to the
+file system. As with drives in a file system, such as C:, you can connect
+Windows PowerShell drives to Active Directory domains and AD LDS, as well as
+Active Directory snapshots.
+
+### Coverage of Active Directory Module Cmdlets
+
+Create, Read, Update, and Delete actions are supported for Active Directory
+objects by cmdlets such as `New-ADUser`, `Get-ADOrganizationalUnit`,
+`Set-ADComputer`, and `Remove-ADUser`.
+
+Account and Password Policy Management are supported by cmdlets such as
+`Enable-ADAccount`, `Unlock-ADAccount`, `New-ADServiceAccount`,
+`Set-ADAccountControl`, and `Remove-ADFineGrainedPasswordPolicy`.
+
+Domain and Forest Management is supported by cmdlets such as `Get-ADForest`,
+`Set-ADForest`, `Set-ADForestMode`, `Enable-ADOptionalFeature`,
+`Get-ADDomainController`, and `Get-ADDomain`.
+
+### Listing the Active Directory Module Cmdlets
+
+To get a list of all of the Active Directory module cmdlets, run
+
+```powershell
+Get-Command -Module ActiveDirectory
+```
+
+### Getting Started
+
+Getting started with the Active Directory module for Windows PowerShell is as
+easy as clicking the following shortcut:
+
+Run the following command in any Windows PowerShell prompt to import the Active
+Directory module:
+
+```powershell
+Import-Module ActiveDirectory
+```
+
+### Overview and Conceptual Topics
+
+The first two of these topics offer a high level overview of the Active
+Directory module and the Active Directory Provider.
+
+- For a brief introduction to the Active Directory provider for Windows
+ PowerShell, see [ActiveDirectory](/powershell/module/activedirectory).
+- The following topics are conceptual support topics for the Active Directory
+ module cmdlets.
+ - For an introduction to the **Identity** parameter, which is used by the
+ Active Directory module cmdlets to identify objects in the directory, see
+ [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md).
+ - For an introduction to the **Filter** parameter which is used by Active
+ Directory module cmdlets to search for objects in the directory, see
+ [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md).
+ - For an introduction to the .NET Framework-based object model implemented by
+ the Active Directory module, see
+ [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
diff --git a/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_Filter.md b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_Filter.md
new file mode 100644
index 0000000000..23a83c0a0a
--- /dev/null
+++ b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_Filter.md
@@ -0,0 +1,351 @@
+---
+title: about_ActiveDirectory_Filter
+ms.date: 04/22/2013
+description: Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Filter
+
+## SHORT DESCRIPTION
+
+Describes the syntax and behavior of the search filter supported by the Active
+Directory module for Windows PowerShell.
+
+## LONG DESCRIPTION
+
+Most get-AD* Active Directory module cmdlets use the Filter parameter to search
+for objects. The Filter parameter has been implemented to replace the function
+of the LDAP Filter and adds support for PowerShell variables, rich data types,
+improved error checking and an Active Directory extended form of the PowerShell
+Expression Language.
+
+
+- Support for LDAP Filter Syntax
+
+ The LDAP filter syntax is supported through the **LDAPFilter** parameter. You
+ will find LDAP filter examples along with the new Active Directory module
+ filter examples in the Filter Examples section of this topic.
+
+
+- Search Breadth and Depth
+
+ The breadth and depth of your filter-driven search can be modified by two
+ Active Directory module cmdlet parameters: **SearchBase** and **SearchScope**.
+
+ When within the context of the Active Directory provider, if the
+ **Searchbase** parameter is not specified, **SearchBase** will default to the
+ current path. When not running under the Active Directory provider, the
+ **SearchBase** will default to the server's **DefaultNamingContext**.
+
+ The **SearchScope** parameter defaults to the value `Subtree`, of the
+ enumerated type **ADSearchScope**.
+
+ For more information, see the **SearchBase** and **SearchScope** parameter
+ descriptions on any `Get-AD*` cmdlet.
+
+- Search Result Behavior
+
+ The behavior of the Active Directory module when returning results of a
+ search is modified by two cmdlet parameters: **ResultPageSize** and
+ **ResultSetSize**.
+
+ **ResultSetSize** controls the maximum number of returned objects.
+
+ **ResultPageSize** specifies the maximum number of objects for each returned
+ page of information.
+
+ See the **ResultPageSize** and **ResultSetSize** parameter descriptions on
+ any `Get-AD*` cmdlet for more information.
+
+
+- Timeout Behavior
+
+ The following statements specify timeout conditions within the Active
+ Directory module and describe what can be done about a timeout them.
+
+ The default Active Directory module timeout for all operations is 2
+ minutes.
+
+ For search operation, the Active Directory module uses paging control
+ with a 2-minute timeout for each page search.
+
+ > [!NOTE]
+ > Because a search may involve multiple server page requests the overall
+ > search time may exceed 2 minutes.
+
+ A **TimeoutException** error indicates that a timeout has occurred.
+
+ For a search operation, you can choose to use a smaller page size, set with
+ the **ResultPageSize** parameter, if you are getting a **TimeoutException**
+ error.
+
+ If after trying these changes you are still getting a **TimeoutException**
+ error, consider optimizing your filter using the guidance in the
+ Optimizing Filters section of this topic.
+
+
+- Optimizing Filters
+
+ You can enhance the search filter behavior by using these guidelines.
+
+ - Avoid using the **Recursive** parameter as it intensifies resource usage of
+ the search operation.
+ - Avoid using bitwise AND operators and bitwise OR operators. For more
+ information, see the Supported Operators section of this topic.
+ - Avoid using the logical NOT operator.
+ - Break down your search into multiple queries with narrower conditions.
+
+ For a full description of filter syntax and usage, see the Filter Syntax
+ section of this topic.
+
+
+## Filter Examples
+
+The following section shows many examples of filter use in common queries.
+
+### Example 1 - Get all entries:
+
+- LDAP Filter Equivalent: `(objectClass=*)`
+
+```powershell
+Get-ADObject -Filter 'ObjectClass -like "*"'
+```
+
+### Example 2 - Get entries containing "bob" somewhere in the common name
+
+- LDAP Filter Equivalent: `(cn=*bob*)`
+
+```powershell
+Get-ADObject -Filter 'CN -like "*bob*"'
+```
+
+### Example 3 - Get entries with a bad password count greater than five
+
+- LDAP Filter Equivalent: `(&(!badpwdcount<=5)(badpwdcount=*))`
+
+```powershell
+Get-ADUser -Filter 'badpwdcount -ge 5'
+```
+
+### Example 4 - Get all users with an e-mail attribute
+
+- LDAP Filter Equivalent: `(&(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -filter 'email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADObject -filter 'email -like "*" -and ObjectClass -eq "user"'
+```
+
+### Example 5 - Get all user entries with an e-mail attribute and a surname equal to "smith":
+
+- LDAP Filter Equivalent: `(&(sn=smith)(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and SurName -eq "smith"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and sn -eq "smith"'
+```
+
+
+### Example 6 - Get all user entries with a common name that starts with "andy" and users with a common name of "steve" or "margaret"
+
+- LDAP Filter Equivalent: `(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))`
+
+```powershell
+Get-ADUser -Filter 'CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret"'
+```
+
+
+This example demonstrates a more complex logic and the use of precedence
+control via parenthesis.
+
+```powershell
+Get-ADObject -Filter 'objectClass -eq "user" -and (CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret")'
+```
+
+### Example 7 - Get all entries without an e-mail attribute
+
+- LDAP Filter Equivalent: `(!(email=*))`
+
+```powershell
+Get-ADUser -Filter '-not Email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -notlike "*"'
+```
+
+### Example 8 - Get all users who did not logon since January 1, 2007
+
+- LDAP Filter Equivalent: `(&(lastlogon<=X)(objectClass=user))` where X is
+ number of 100-nanosecond slices since Jan 1st 1601
+
+```powershell
+$date = new-object System.DateTime -ArgumentList @(2007,1,1,0,0,0)
+Get-ADUser -Filter '-not LastLogon -le $date'
+```
+
+### Example 9 - Get all users who have logged on in the last 5 days
+
+- LDAP Filter Equivalent:
+
+ ```
+ (&(lastLogon>=128812906535515110)
+ (objectClass=user)(!(objectClass=computer)))
+ ```
+
+```powershell
+$date = (get-date) - (new-timespan -days 5)
+Get-ADUser -Filter 'lastLogon -gt $date'
+```
+
+### Example 10 - Search for group objects that have the ADS_GROUP_TYPE_SECURITY_ENABLED flag set
+
+- LDAP Filter Equivalent:
+ `(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))`
+
+The following example query string searches for group objects that have the
+ADS_GROUP_TYPE_SECURITY_ENABLED flag set. Be aware that the decimal value of
+ADS_GROUP_TYPE_SECURITY_ENABLED (0x80000000 = 2147483648) is used for the
+comparison value.
+
+```powershell
+Get-ADGroup -filter 'groupType -band 0x80000000'
+```
+
+### Example 11 - Search the ancestry of an object
+
+- LDAP Filter Equivalent:
+ `(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x)))`
+
+The LDAP_MATCHING_RULE_IN_CHAIN is a matching rule OID that is designed to
+provide a method to look up the ancestry of an object. Many applications using
+Active Directory and AD LDS usually work with hierarchical data, which is
+ordered by parent-child relationships. Previously, applications performed
+transitive group expansion to figure out group membership, which used a lot of
+network bandwidth. Applications made multiple round-trips to figure out if an
+object fell "in the chain" if a link were traversed through to the end.
+
+An example of such a query is one designed to check if a user, "user1" is a
+member of group "group1". "user1" may not be a direct member of group1. It
+could be a member of some other group, which is a member of "group1".
+
+You would set the base to the user DN and the scope to base, and use the query:
+
+```powershell
+Get-ADUser -Filter 'memberOf -RecursiveMatch "CN=Administrators, CN=Builtin,DC=Fabrikam,DC=com"' -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"
+```
+
+## Filter Syntax
+
+The following syntax descriptions use Backus-Naur form to show the PowerShell
+Expression Language for the Filter parameter.
+
+```Syntax
+ ::= "{" "}"
+
+ ::= |
+ |
+
+
+ ::= |
+ "(" ")"
+
+ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt" |
+ "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" |
+ "-notlike"
+
+ ::= "-and" | "-or"
+
+ ::= "-not"
+
+ ::= |
+
+::= < this value will be compared to the object data for
+ attribute using the specified filter operator
+```
+
+
+## Supported Operators
+
+The following table shows frequently used search filter operators.
+
+| Operator | Description | LDAP Equivalent |
+| ----------------- | -------------------------------------- | -------------------------- |
+| `-eq` | Equal to. Wildcards not supported. | = |
+| `-ne` | Not equal to. Wildcards not supported. | !x = y |
+| `-approx` | Approximately equal to | ~= |
+| `-le` | Lexicographically less than | <= |
+| | or equal to | |
+| `-lt` | Lexicographically less than | !x >= y |
+| `-ge` | Lexicographically greater | >= |
+| | than or equal to | |
+| `-gt` | Lexicographically greater than | !x <= y |
+| | | |
+| `-and` | AND | & |
+| `-or` | OR | |
+| `-not` | NOT | ! |
+| `-bor` | Bitwise OR | :1.2.840.113556.1.4.804:= |
+| `-band` | Bitwise AND | :1.2.840.113556.1.4.803:= |
+| `-recursivematch` | Use LDAP_MATCHING_RULE_IN_CHAIN | :1.2.840.113556.1.4.1941:= |
+| `-like` | Similar to `-eq` and supports | = |
+| | wildcard comparison. The only | |
+| | wildcard character supported is: `*` | |
+| `-notlike` | Not like. Supports wild | !x = y |
+| | card comparison. | |
+
+> [!NOTE]
+> PowerShell wildcards, other than "*", such as "?" are not supported by the
+> **Filter** parameter syntax.
+
+### Operator Precedence
+
+The following listing shows the precedence of operators for filters from
+highest to lowest.
+
+- Highest precedence: `-eq`, `-ge`, `-le`, `-approx`, `-band`, `-bor`,
+ `-recursivematch`, `-ne`, `-like`, `-not`, `-and`
+- Lowest precedence: `-or`
+
+### Special Characters
+
+The following escape sequence should be used for specifying special characters
+in AD Filter STRING data, that is, data enclosed in double or single quotes.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | --------------------------------------------------- |
+| `"` | `` `" `` (This escape sequence is only required if |
+| | STRING data is enclosed in double quotes.) |
+| `'` | `''` (This escape sequence is only required if |
+| | STRING data is enclosed in single quotes.) |
+| NUL | `\00` (This is a standard LDAP escape sequence.) |
+| `\` | `\5c` (This is a standard LDAP escape sequence.) |
+
+### LDAP Special Characters
+
+ADFilter parser will automatically convert all the below characters found in
+STRING data, that is data enclosed in " " or ' ' to their LDAP escape sequence.
+End users need not know about these LDAP escape sequence.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | ----------------------------------------------- |
+| `*` | `\2a` (Character `*` will only be converted in |
+| | -eq and -ne comparisons Users should use |
+| | -like and -notlike operators for wildcard |
+| | comparison.) |
+| `(` | `\28` |
+| `)` | `\29` |
+| `/` | `\2f` |
diff --git a/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_Identity.md b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_Identity.md
new file mode 100644
index 0000000000..c007277b19
--- /dev/null
+++ b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_Identity.md
@@ -0,0 +1,196 @@
+---
+title: about_ActiveDirectory_Identity
+ms.date: 04/22/2013
+description: This article lists the identifying attributes that are used for search and retrieval supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Identity
+
+## SHORT DESCRIPTION
+
+The Active Directory module for Windows PowerShell objects have a range of
+identifying attributes that are used for search and retrieval.
+
+## LONG DESCRIPTION
+
+In order to identify the objects in Active Directory, each object has
+attributes that can be used as identifiers. In the Active Directory module, the
+value of the identity of an object can be passed using the Identity parameter.
+Each object type has its own set of possible types and values for use by the
+Identity parameter. See the detailed description of the Identity parameter of
+the given cmdlet for more information about its usage.
+
+When searching with the Active Directory module cmdlets, the value of the
+Identity parameter, along with the values of the Server and Partition
+parameters, is used to uniquely identify a single object. The Server parameter
+is used to locate which server to connect with. The Partition parameter further
+narrows the search to a specific partition. The Identity parameter then
+resolves to a single unique object in the partition.
+
+Note that using the Security Accounts Manager (SAM) Account Name
+(**sAMAccountName**) when targeting a global catalog port, you will not find a
+user in a different domain if you are using the Identity parameter
+
+If more than one object is found using identity resolution, the Active
+Directory module throws an error.
+
+For more information about the Server and Partition parameters, see the help
+topics for the individual cmdlets where they are used, such as `Get-ADUser`, by
+typing:
+
+```powershell
+Get-Help Get-ADUser
+```
+
+### Objects and Identities
+
+Each object has a list of attributes that can be used as an identity for that
+object. Additionally, if the object inherits from another object, then the
+parent object's identities can also be used as the child object's identities.
+For more information on the Active Directory object hierarchy, see
+[about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
+
+> [!NOTE]
+> For Active Directory Provider cmdlets, only an object's 'Distinguished Name'
+> or 'Relative Distinguished Name' can be used as the identity. For a list of
+> Active Directory Provider cmdlets, see ActiveDirectory.
+
+### Identity Attributes
+
+The following is a list of identity attributes by object type.
+
+- ADAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADComputer
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager Account Name (sAMAccountName)
+
+- ADDirectoryServer
+ - Name of the server object (name)
+ - For AD LDS instances the syntax of a name is `$`
+ - For other Active Directory instances, use the value of the name property.
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the directory
+ server.
+ - GUID (objectGUID) of server object under the configuration partition.
+ - GUID (objectGUID) of NTDS settings object under the configuration partition
+
+- ADDomain
+ - Distinguished Name
+ - GUID
+ - Security Identifier
+ - DNS domain name
+ - NetBIOS domain name
+
+- ADDomainController
+ - GUID (objectGUID)
+ - IPV4Address
+ - Global IPV6Address
+ - DNS Host Name (dNSHostName)
+ - Name of the server object
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the domain controller
+ - GUID of NTDS settings object under the configuration partition
+ - GUID of server object under the configuration partition
+ - Distinguished Name of the computer object that represents the domain controller.
+
+- ADFineGrainedPasswordPolicy
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Name (name)
+
+- ADForest
+ - Fully qualified domain name
+ - DNS host name
+ - NetBIOS name
+
+- ADGroup
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager (SAM) Account Name (sAMAccountName)
+
+- ADObject
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADOptionalFeature
+ - Distinguished Name
+ - Name (name)
+ - Feature GUID (featureGUID)
+ - GUID (objectGUID)
+
+- ADOrganizationalUnit
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADPrincipal
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADServiceAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADUser
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM User Name (sAMUserName)
+
+
+### Identities Formats
+
+Active Directory module objects have a range of identity attributes. Below is a
+list of these, their types and formats.
+
+- Distinguished Name
+ - Example: CN=SaraDavis,CN=Europe,CN=Users, DC=corp,DC=contoso,DC=com
+
+- DNS domain name
+ - Example: redmond.corp.contoso.com
+
+- DNS Host Name (dNSHostName)
+ - Example: corp-DC01.corp.contoso.com
+
+- Feature GUID (featureGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- Fully qualified domain name
+ - Example: corp.contoso.com
+
+- Global IPV6Address
+ - Example: 2001:4898:0:fff:200:5efe:157.59.132.61
+
+- GUID (objectGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- IPV4Address
+ - Example:157.59.132.61
+
+- NetBIOS domain name
+ - Example: redmond
+
+- Name of the server object
+ - Example: corp-DC01$
+
+- SAM Account Name (sAMAccountName)
+ - Example: saradavisreports
+
+- Security Identifier (objectSid)
+ - Example: S-1-5-21-3165297888-301567370-576410423-1103
+
+- Name
+ - Example: Recycle Bin Feature
diff --git a/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
new file mode 100644
index 0000000000..8535a97464
--- /dev/null
+++ b/docset/winserver2016-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
@@ -0,0 +1,595 @@
+---
+title: about_ActiveDirectory_ObjectModel
+ms.date: 04/22/2013
+description: Describes the object model of the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_ObjectModel
+
+## SHORT DESCRIPTION
+Describes the object model of the Active Directory module for Windows
+PowerShell.
+
+## LONG DESCRIPTION
+
+This topic explains the Active Directory module classes and their properties
+used to model actual Active Directory attributes. It also outlines the class
+hierarchy constructed from its Active Directory counterpart. The object model
+establishes a data foundation for all the operations supported by Active
+Directory module cmdlets.
+
+### Class Hierarchy
+
+The following list shows the class hierarchy defined in the Active Directory
+module object model, with class inheritance implied by indentation. This
+inheritance model allows for Active Directory cmdlets to accept a range of
+object types as input. This means, for example, that the cmdlet
+Get-ADPrincipalGroupMembership can accept as input any of the following
+objects: ADGroup, ADAccount, ADComputer, ADServiceAccount or ADUser. This works
+because of the inheritance model and guarantees that an ADUser object has all
+of the properties of an ADPrincipal object.
+
+```
+ADEntity
+ ADRootDSE
+ ADObject
+ ADFineGrainedPasswordPolicy
+ ADOptionalFeature
+ ADOrganizationalUnit
+ ADPartition
+ ADDomain
+ ADPrincipal
+ ADAccount
+ ADComputer
+ ADServiceAccount
+ ADUser
+ ADGroup
+ ADDefaultDomainPasswordPolicy
+ ADForest
+ ADDirectoryServer
+ ADDomainController
+```
+
+### Active Directory Module Classes
+
+The following listing shows every Active Directory module class from the class
+hierarchy listing. Each class defines a set of properties, some of which are
+LDAP attributes that are retrieved by default and some are new properties
+created specifically for the Active Directory module. These new properties are
+derived from one or more LDAP attributes as outlined in the class listings.
+
+
+- ADEntity - The base level class from which all other classes are derived.
+ - ADRootDSE - Represents the rootDSE and is derived from ADEntity. An
+ ADRootDSE may contain the following properties in addition to those
+ inherited from its parent.
+ - ConfigurationNamingContext - A property of type System.String, derived
+ from the directory attribute ConfigurationNamingContext
+ - CurrentTime - A property of type System.DateTime, derived from the
+ directory attribute CurrentTime
+ - DefaultNamingContext - A property of type System.String, derived from the
+ directory attribute DefaultNamingContext
+ - DnsHostName - A property of type System.String, derived from the
+ directory attribute DnsHostName
+ - DomainControllerFunctionality - A property of type
+ ADDomainControllerMode, derived from the directory attribute
+ DomainControllerFunctionality
+ - DomainFunctionality - A property of type ADDomainMode, derived from the
+ directory attribute DomainFunctionality
+ - DsServiceName - A property of type System.String, derived from the
+ directory attribute DsServiceName
+ - ForestFunctionality - A property of type ADForestMode, derived from the
+ directory attribute ForestFunctionality
+ - GlobalCatalogReady - A property of type System.Boolean, derived from the
+ directory attribute GlobalCatalogReady
+ - HighestCommittedUSN - A property of type System.Long, derived from the
+ directory attribute HighestCommittedUSN
+ - LdapServiceName - A property of type System.String, derived from the
+ directory attribute LdapServiceName
+ - NamingContexts - A property of type System.String, derived from the
+ directory attribute NamingContexts
+ - RootDomainNamingContext - A property of type System.String, derived from
+ the directory attribute RootDomainNamingContext
+ - SchemaNamingContext - A property of type System.String, derived from the
+ directory attribute SchemaNamingContext
+ - ServerName - A property of type System.String, derived from the directory
+ attribute ServerName
+ - SubschemaSubentry - A property of type ADObject, derived from the
+ directory attribute SubschemaSubentry
+ - SupportedCapabilities - A property of type ADObjectIdentifier, derived
+ from the directory attribute SupportedCapabilities
+ - SupportedControl - A property of type ADObjectIdentifier, derived from
+ the directory attribute SupportedControl
+ - SupportedLDAPPolicies - A property of type System.String, derived from
+ the directory attribute SupportedLDAPPolicies
+ - SupportedLDAPVersion - A property of type System.Int, derived from the
+ directory attribute SupportedLDAPVersion
+ - SupportedRootDSEOperations - A property of type
+ ADPropertyValueCollection, derived from the directory attribute
+ SupportedRootDSEOperations
+ - SupportedSASLMechanisms - A property of type System.String, derived from
+ the directory attribute SupportedSASLMechanisms
+ - Syncronized - A property of type System.Boolean, derived from the
+ directory attribute IsSynchronized.
+ - ADObject - Represents any object in Active Directory and is derived from
+ ADEntity. An ADObject may contain the following properties in addition to
+ those inherited from its parent.
+ - CanonicalName - A property of type System.String, derived from the
+ directory attribute: canonicalName
+ - CN - A property of type System.String, derived from the directory
+ attribute: cn
+ - Created - A property of type System.DateTime, derived from the directory
+ attribute: createTimeStamp
+ - Deleted - A property of type System.Boolean, derived from the directory
+ attribute: isDeleted
+ - Description - A property of type System.String, derived from the
+ directory attribute: description
+ - DisplayName - A property of type System.String, derived from the
+ directory attribute: displayName
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LastKnownParent - A property of type System.String, derived from the
+ directory attribute: lastKnownParent
+ - Modified - A property of type System.DateTime, derived from the directory
+ attribute: modifyTimeStamp
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - ObjectCategory - A property of type System.String, derived from the
+ directory attribute: objectCategory
+ - ObjectClass - A property of type System.String, derived from the
+ directory attribute: objectClass
+ - ObjectGUID - A property of type System.Guid, derived from the directory
+ attribute: objectGUID
+ - ProtectedFromAccidentalDeletion - A property of type System.Boolean,
+ derived from the directory attributes: nTSecurityDescriptor,
+ sdRightsEffective, instanceType, isDeleted
+ - ADFineGrainedPasswordPolicy Represents a fine grained password policy
+ object; that is, an AD object of type msDS-PasswordSettings in AD DS and
+ is derived from ADObject. This class is not supported by AD LDS. An
+ ADFineGrainedPasswordPolicy may contain the following properties in
+ addition to those inherited from its parent.
+ - AppliesTo - A property of type System.String, derived from the
+ directory attribute: msDS-PSOAppliesTo
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: msDS-PasswordComplexityEnabled
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-LockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: msDS-LockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: msDS-LockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MaximumPasswordAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MinimumPasswordAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: msDS-MinimumPasswordLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from
+ the directory attribute: msDS-PasswordHistoryLength
+ - Precedence - A property of type System.Int32, derived from the
+ directory attribute: msDS-PasswordSettingsPrecedence
+ - ReversibleEncryptionEnabled - A property of type System.Boolean,
+ derived from the directory attribute:
+ msDS-PasswordReversibleEncryptionEnabled
+ - ADOptionalFeature Represents an optional feature, an Active Directory
+ object of type msDS-OptionalFeature, and is derived from ADObject. An
+ ADOptionalFeaturemay contain the following properties in addition to
+ those inherited from its parent.
+ - EnabledScopes - A property of type System.String, derived from the
+ directory attribute: msDS-EnabledFeatureBL
+ - FeatureGUID - A property of type System.Guid, derived from the
+ directory attribute: msDS-OptionalFeatureGUID
+ - FeatureScope - A property of type System.Int32, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - IsDisableable - A property of type System.Boolean, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - RequiredDomainMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADDomainMode, derived from the
+ directory attribute: msDS-RequiredDomainBehaviorVersion
+ - RequiredForestMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADForestMode, derived from the
+ directory attribute: msDS-RequiredForestBehaviorVersion
+ - ADOrganizationalUnit Represents an organizationalUnit (OU) object and is
+ derived from ADObject. An ADOrganizationalUnit may contain the following
+ properties in addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the directory
+ attribute: l
+ - Country - A property of type System.String, derived from the directory
+ attribute: c
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: gpLink. This property is not supported on
+ AD LDS.
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - State - A property of type System.String, derived from the directory
+ attribute: st
+ - StreetAddress - A property of type System.String, derived from the
+ directory attribute: street
+ - ADPartition - Represents a naming context, Configuration, Schema, Domain
+ or Application Partition(ND NC) and is derived from ADObject. This class
+ is not supported by AD LDS. An ADPartition may contain the following
+ properties in addition to those inherited from its parent.
+ - DeletedObjectsContainer - A property of type System.String, derived
+ from the directory attribute: DeletedObjectsContainer
+ - DNSRoot - A property of type System.String, derived from the directory
+ attribute: DNSRoot
+ - LostAndFoundContainer - A property of type System.String, derived from
+ the directory attribute: LostAndFoundContainer
+ - QuotasContainer - A property of type System.String, derived from the
+ directory attribute: QuotasContainer
+ - ReadOnlyReplicaDirectoryServers - A property of type System.String,
+ derived from the directory attribute: ReadOnlyReplicaDirectoryServers
+ - ReplicaDirectoryServers - A property of type System.String, derived
+ from the directory attribute: ReplicaDirectoryServers
+ - SubordinateReferences - A property of type System.String, derived from
+ the directory attribute: SubordinateReferences
+ - ADDomain - Represents a domain in AD DS or an instance in AD LDS; for
+ example, an Active Directory object of type domainDNS and is derived
+ from ADPartition. This class is not supported by AD LDS. An ADDomain
+ may contain the following properties in addition to those inherited
+ from its parent.
+ - AllowedDNSSuffixes - A property of type System.String, derived from
+ the directory attribute: msDS-AllowedDNSSuffixes
+ - ChildDomains - A property of type System.String, derived from the
+ directory attribute: ChildDomains
+ - ComputersContainer - A property of type System.String, derived from
+ the directory attribute: ComputersContainer
+ - DomainControllersContainer - A property of type System.String,
+ derived from the directory attribute: DomainControllersContainer
+ - DomainMode - A property of type System.Int32, derived from the
+ directory attribute: msDS-Behavior-Version
+ - DomainSID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - ForeignSecurityPrincipalsContainer - A property of type
+ System.String, derived from the directory attribute:
+ ForeignSecurityPrincipalsContainer
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - InfrastructureMaster - A property of type System.String, derived from
+ the directory attribute: InfrastructureMaster
+ - LastLogonReplicationInterval - A property of type System.TimeSpan,
+ derived from the directory attribute: msDS-LogonTimeSyncInterval
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: LinkedGroupPolicyObjects
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - NetBIOSName - A property of type System.String, derived from the
+ directory attribute: NetBIOSName
+ - ParentDomain - A property of type System.String, derived from the
+ directory attribute: ParentDomain
+ - PDCEmulator - A property of type System.String, derived from the
+ directory attribute: PDCEmulator
+ - RIDMaster - A property of type System.String, derived from the
+ directory attribute: RIDMaster
+ - SystemsContainer - A property of type System.String, derived from the
+ directory attribute: SystemsContainer
+ - UsersContainer - A property of type System.String, derived from the
+ directory attribute: UsersContainer
+ - ADPrincipal - Represents a security principal, which is an Active
+ Directory object of type user, computer, group or iNetOrgPerson and is
+ derived from ADObject. An ADPrincipal may contain the following
+ properties in addition to those inherited from its parent.
+ - HomePage - A property of type System.String, derived from the
+ directory attribute: wWWHomePage
+ - MemberOf - A property of type System.String, derived from the
+ directory attribute: memberOf
+ - SamAccountName - A property of type System.String, derived from the
+ directory attribute: sAMAccountName. This property is not supported
+ for AD LDS.
+ - SID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - SIDHistory - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: sIDHistory. This property is not supported for
+ AD LDS.
+ - ADAccount - Represents a security account; that is, an Active
+ Directory object of type user, computer or iNetOrgPerson and is
+ derived from ADPrincipal. An ADAccount may contain the following
+ properties in addition to those inherited from its parent.
+ - AccountExpirationDate - A property of type System.DateTime, derived
+ from the directory attribute: accountExpires
+ - AccountLockoutTime - A property of type System.DateTime, derived
+ from the directory attribute: lockoutTime
+ - AccountNotDelegated - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - AllowReversiblePasswordEncryption - A property of type
+ System.Boolean, for AD DS it is derived from the directory
+ attribute: userAccountControl; for AD LDS it is derived from the
+ directory attribute: ms-DS-UserEncryptedTextPasswordAllowed
+ - BadLogonCount - A property of type System.Int32, derived from the
+ directory attribute: badPwdCount
+ - CannotChangePassword - A property of type System.Boolean, derived
+ from the directory attribute: nTSecurityDescriptor
+ - Certificates - A property of type
+ System.Security.Cryptography.X509Certificates.X509Certificate,
+ derived from the directory attribute: userCertificate
+ - DoesNotRequirePreAuth - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - Enabled - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserAccountDisabled
+ - HomedirRequired - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - LastBadPasswordAttempt - A property of type System.DateTime,
+ derived from the directory attribute: badPasswordTime
+ - LastLogonDate - A property of type System.DateTime, derived from
+ the directory attribute: lastLogonTimestamp
+ - LockedOut - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed, lockoutTime; for AD LDS it is
+ derived from the directory attribute msDS-UserAccountDisabled
+ - MNSLogonAccount - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - PasswordExpired - A property of type System.Boolean, for AD DS it
+ is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserPasswordExpired
+ - PasswordLastSet - A property of type System.DateTime, derived from
+ the directory attribute: pwdLastSet
+ - PasswordNeverExpires - A property of type System.Boolean, for AD
+ LDS it is derived from the directory attributes:
+ userAccountControl, msDS-User-Account-Control-Computed; for AD LDS
+ it is derived from the directory attribute:
+ msDS-UserDontExpirePassword
+ - PasswordNotRequired - A property of type System.Boolean, for AD DS
+ it is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute: ms-DS-UserPasswordNotRequired
+ - PrimaryGroup - A property of type System.String, derived from the
+ directory attributes: primaryGroupID, objectSid. This property is
+ not supported by AD LDS.
+ - ServicePrincipalNames - A property of type System.String, derived
+ from the directory attribute: servicePrincipalName. This property
+ is not supported by AD LDS.
+ - TrustedForDelegation - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - TrustedToAuthForDelegation - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UseDESKeyOnly - A property of type System.Boolean, derived from the
+ directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UserPrincipalName - A property of type System.String, derived from
+ the directory attribute: userPrincipalName
+ - ADComputer - Represents a computer and is derived from ADAccount.
+ An ADComputer may contain the following properties in addition to
+ those inherited from its parent.
+ - DNSHostName - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - Location - A property of type System.String, derived from the
+ directory attribute: location
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - OperatingSystem - A property of type System.String, derived from
+ the directory attribute: operatingSystem
+ - OperatingSystemHotfix - A property of type System.String, derived
+ from the directory attribute: operatingSystemHotfix
+ - OperatingSystemServicePack - A property of type System.String,
+ derived from the directory attribute: operatingSystemServicePack
+ - OperatingSystemVersion - A property of type System.String,
+ derived from the directory attribute: operatingSystemVersion
+ - ServiceAccount - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccount
+ - ADServiceAccount - Represents a managed service account; that is,
+ an Active Directory object of type msDS-ManagerdServiceAccount and
+ is derived from ADAccount. This class is not supported by AD LDS.
+ An ADServiceAccount may contain the following properties in
+ addition to those inherited from its parent.
+ - HostComputers - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccountBL
+ - ADUser - Represents a user (or iNetOrgPerson) and is derived from
+ ADAccount. An ADUser may contain the following properties in
+ addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the
+ directory attribute: l
+ - Company - A property of type System.String, derived from the
+ directory attribute: company
+ - Country - A property of type System.String, derived from the
+ directory attribute: c
+ - Department - A property of type System.String, derived from the
+ directory attribute: department
+ - Division - A property of type System.String, derived from the
+ directory attribute: division
+ - EmailAddress - A property of type System.String, derived from the
+ directory attribute: mail
+ - EmployeeID - A property of type System.String, derived from the
+ directory attribute: employeeID
+ - EmployeeNumber - A property of type System.String, derived from
+ the directory attribute: employeeNumber
+ - Fax - A property of type System.String, derived from the
+ directory attribute: facsimileTelephoneNumber
+ - GivenName - A property of type System.String, derived from the
+ directory attribute: givenName
+ - HomeDirectory - A property of type System.String, derived from
+ the directory attribute: homeDirectory. This property is not
+ supported by AD LDS.
+ - HomeDrive - A property of type System.String, derived from the
+ directory attribute: homeDrive. This property is not supported by
+ AD LDS.
+ - HomePhone - A property of type System.String, derived from the
+ directory attribute: homePhone
+ - Initials - A property of type System.String, derived from the
+ directory attribute: initials
+ - LogonWorkstations - A property of type System.String, derived
+ from the directory attribute: userWorkstations. This property is
+ not supported by AD LDS.
+ - Manager - A property of type System.String, derived from the
+ directory attribute: manager
+ - MobilePhone - A property of type System.String, derived from the
+ directory attribute: mobile
+ - Office - A property of type System.String, derived from the
+ directory attribute: physicalDeliveryOfficeName
+ - OfficePhone - A property of type System.String, derived from the
+ directory attribute: telephoneNumber
+ - Organization - A property of type System.String, derived from the
+ directory attribute: o
+ - OtherName - A property of type System.String, derived from the
+ directory attribute: middleName
+ - POBox - A property of type System.String, derived from the
+ directory attribute: postOfficeBox
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - ProfilePath - A property of type System.String, derived from the
+ directory attribute: profilePath. This property is not supported
+ by AD LDS.
+ - ScriptPath - A property of type System.String, derived from the
+ directory attribute: scriptPath. This property is not supported
+ by AD LDS.
+ - SmartcardLogonRequired - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not
+ supported by AD LDS.
+ - State - A property of type System.String, derived from the
+ directory attribute: st
+ - StreetAddress - A property of type System.String, derived from
+ the directory attribute: streetAddress
+ - Surname - A property of type System.String, derived from the
+ directory attribute: sn
+ - Title - A property of type System.String, derived from the
+ directory attribute: title
+ - ADGroup -Represents a group and is derived from ADPrincipal. An
+ ADGroup may contain the following properties in addition to those
+ inherited from its parent.
+ - GroupCategory - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupCategory, derived from
+ the directory attribute: groupType
+ - GroupScope - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupScope, derived from the
+ directory attribute: groupType
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - Members - A property of type System.String, derived from the
+ directory attribute: member
+ - ADDefaultDomainPasswordPolicy - Represents the domain-wide password policy
+ of an Active Directory domain and is derived from ADEntity. This class is
+ not supported by AD LDS. An ADDefaultDomainPasswordPolicy may contain the
+ following properties in addition to those inherited from its parent.
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: pwdProperties
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: lockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: lockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: lockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: maxPwdAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: minPwdAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: minPwdLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from the
+ directory attribute: pwdHistoryLength
+ - ReversibleEncryptionEnabled - A property of type System.Boolean, derived
+ from the directory attribute: pwdProperties
+ - ADForest - Represents a Active Directory forest in AD DS or a Configuration
+ Set in AD LDS and is derived from ADEntity. This class is not supported by
+ AD LDS. An ADForest may contain the following properties in addition to
+ those inherited from its parent.
+ - ApplicationPartitions - A property of type System.String, derived from
+ the directory attribute: ApplicationPartitions
+ - CrossForestReferences - A property of type System.String, derived from
+ the directory attribute: CrossForestReferences
+ - DomainNamingMaster - A property of type System.String, derived from the
+ directory attribute: DomainNamingMaster
+ - Domains - A property of type System.String, derived from the directory
+ attribute: Domains
+ - ForestMode - A property of type System.Int32, derived from the directory
+ attribute: msDS-Behavior-Version
+ - GlobalCatalogs - A property of type System.String, derived from the
+ directory attribute: GlobalCatalogs
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - PartitionContainerName - A property of type System.String, derived from
+ the directory attribute: distinguishedName
+ - RootDomain - A property of type System.String, derived from the directory
+ attribute: RootDomain
+ - SchemaMaster - A property of type System.String, derived from the
+ directory attribute: SchemaMaster
+ - Sites - A property of type System.String, derived from the directory
+ attribute: Sites
+ - SPNSuffixes - A property of type System.String, derived from the
+ directory attribute: msDS-SPNSuffixes
+ - UPNSuffixes - A property of type System.String, derived from the
+ directory attribute: uPNSuffixes
+ - ADDirectoryServer - Represents a directory server used as either a domain
+ controller or an AD LDS instance and is derived from ADEntity. An
+ ADDirectoryServer may contain the following properties in addition to those
+ inherited from its parent.
+ - DefaultPartition - A property of type System.String, derived from the
+ directory attribute: DefaultPartition
+ - HostName - A property of type System.String, derived from the directory
+ attribute: HostName
+ - InvocationId - A property of type System.Guid, derived from the directory
+ attribute: InvocationId
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - LdapPort - A property of type System.Int32, derived from the directory
+ attribute: LdapPort
+ - Name - A property of type System.String, derived from the directory
+ attribute: Name
+ - NTDSSettingsObjectDN - A property of type System.String, derived from the
+ directory attribute: NTDSSettingsObjectDN
+ - OperationMasterRoles - A property of type
+ Microsoft.ActiveDirectory.Management.ADOperationMasterRole, derived from
+ the directory attribute: OperationMasterRole
+ - Partitions - A property of type System.String, derived from the directory
+ attribute: Partitions
+ - ServerObjectDN - A property of type System.String, derived from the
+ directory attribute: ServerObjectDN
+ - ServerObjectGuid - A property of type System.Guid, derived from the
+ directory attribute: ServerObjectGuid
+ - Site - A property of type System.String, derived from the directory
+ attribute: Site
+ - SslPort - A property of type System.Int32, derived from the directory
+ attribute: SslPort
+ - ADDomainController - Represents a domain controller in AD DS and is
+ derived from ADDirectoryServer. An ADDomainController may contain the
+ following properties in addition to those inherited from its parent.
+ - ComputerObjectDN - A property of type System.String, derived from the
+ directory attribute: ComputerDN
+ - Domain - A property of type System.String, derived from the directory
+ attribute: Domain
+ - Enabled - A property of type System.Boolean, derived from the directory
+ attribute: Enabled
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - IsGlobalCatalog - A property of type System.Boolean, derived from the
+ directory attribute: IsGlobalCatalog
+ - IsReadOnly - A property of type System.Boolean, derived from the
+ directory attribute: IsReadOnly
+ - OperatingSystem - A property of type System.String, derived from the
+ directory attribute: OSName
+ - OperatingSystemHotfix - A property of type System.String, derived from
+ the directory attribute: OSHotFix
+ - OperatingSystemServicePack - A property of type System.String, derived
+ from the directory attribute: OSServicepack
+ - OperatingSystemVersion - A property of type System.String, derived from
+ the directory attribute: OSVersion
diff --git a/docset/winserver2016-ps/activedirectory/New-ADOrganizationalUnit.md b/docset/winserver2016-ps/activedirectory/New-ADOrganizationalUnit.md
index 4e043895c7..bf58173458 100644
--- a/docset/winserver2016-ps/activedirectory/New-ADOrganizationalUnit.md
+++ b/docset/winserver2016-ps/activedirectory/New-ADOrganizationalUnit.md
@@ -24,12 +24,13 @@ New-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-City New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
```
-This command creates an OU named UserAccounts that is protected from accidental deletion.
+This command creates an OU named UserAccounts that is protected from accidental deletion. Note that accidental protection is implicit.
### Example 2: Create an OU that is not protected from accidental deletion
+
```
PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False
```
@@ -62,6 +66,7 @@ PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
This command creates an OU named UserAccounts that is not protected from accidental deletion.
### Example 3: Create an OU that is protected from accidental deletion
+
```
PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"}
```
@@ -70,6 +75,7 @@ This command creates an OU named UserAccounts that is protected from accidental
The **seeAlso** and **managedBy** properties are set to specified values.
### Example 4: Create an OU from a template OU
+
```
PS C:\> $OuTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy
PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate
@@ -78,6 +84,7 @@ PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate
This command uses the data from the OU OU=UserAccounts,DC=Fabrikam,DC=com as a template for another OU.
### Example 5: Create an OU in an AD LDS instance
+
```
PS C:\> New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
```
@@ -87,6 +94,7 @@ This command creates an OU named Managed in an AD LDS instance.
## PARAMETERS
### -AuthType
+
Specifies the authentication method to use.
The acceptable values for this parameter are:
@@ -111,9 +119,10 @@ Accept wildcard characters: False
```
### -City
+
Specifies the town or city.
This parameter sets the **City** property of an OU object.
-The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is l.
+The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is `l`.
```yaml
Type: String
@@ -128,6 +137,7 @@ Accept wildcard characters: False
```
### -Confirm
+
Prompts you for confirmation before running the cmdlet.
```yaml
@@ -143,9 +153,10 @@ Accept wildcard characters: False
```
### -Country
+
Specifies the country or region code.
This parameter sets the **Country** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is c.
+The LDAP display name (**ldapDisplayName**) of this property is `c`.
This value is not used by Windows 2000.
```yaml
@@ -161,14 +172,15 @@ Accept wildcard characters: False
```
### -Credential
+
Specifies the user account credentials to use to perform this task.
The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive.
If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
-To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object.
+To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object.
If you specify a user name for this parameter, the cmdlet prompts for a password.
-You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet.
+You can also create a **PSCredential** object by using a script or by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential?view=powershell-7.3) cmdlet.
You can then set the *Credential* parameter to the **PSCredential** object.
If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.
@@ -186,9 +198,10 @@ Accept wildcard characters: False
```
### -Description
+
Specifies a description of the object.
This parameter sets the value of the **Description** property for the OU object.
-The LDAP display name (**ldapDisplayName**) for this property is description.
+The LDAP display name (**ldapDisplayName**) for this property is `description`.
```yaml
Type: String
@@ -203,9 +216,10 @@ Accept wildcard characters: False
```
### -DisplayName
+
Specifies the display name of the object.
This parameter sets the **DisplayName** property of the OU object.
-The LDAP display name (**ldapDisplayName**) for this property is displayName.
+The LDAP display name (**ldapDisplayName**) for this property is `displayName`.
```yaml
Type: String
@@ -220,6 +234,7 @@ Accept wildcard characters: False
```
### -Instance
+
Specifies an instance of an OU object to use as a template for a new OU object.
You can use an instance of an existing OU object as a template or you can construct a new OU object by using the Windows PowerShell command line or by using a script.
@@ -232,7 +247,8 @@ You can override property values of the new object by setting the appropriate pa
Method 2: Create a new **ADOrganizationalUnit** object and set the property values by using the Windows PowerShell command line interface.
Then pass this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create the new Active Directory OU object.
-Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
+> [!NOTE]
+> Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
```yaml
Type: ADOrganizationalUnit
@@ -247,16 +263,17 @@ Accept wildcard characters: False
```
### -ManagedBy
+
Specifies the user or group that manages the object by providing one of the following property values.
Note: The identifier in parentheses is the LDAP display name for the property.
The acceptable values for this parameter are:
- A distinguished name
-- A GUID (objectGUID)
-- A security identifier (objectSid)
+- A GUID (objectGUID)
+- A security identifier (objectSid)
- A SAM account name (sAMAccountName)
-This parameter sets the Active Directory attribute with an LDAP display name of managedBy.
+This parameter sets the Active Directory attribute with an LDAP display name of `managedBy`.
```yaml
Type: ADPrincipal
@@ -271,9 +288,10 @@ Accept wildcard characters: False
```
### -Name
+
Specifies the name of the object.
This parameter sets the **Name** property of the OU object.
-The LDAP display name (**ldapDisplayName**) of this property is name.
+The LDAP display name (**ldapDisplayName**) of this property is `name`.
```yaml
Type: String
@@ -288,6 +306,7 @@ Accept wildcard characters: False
```
### -OtherAttributes
+
Specifies object attribute values for attributes that are not represented by cmdlet parameters.
You can set one or more parameters at the same time with this parameter.
If an attribute takes more than one value, you can assign multiple values.
@@ -297,11 +316,11 @@ To specify a single value for an attribute:
`-OtherAttributes @{'AttributeLDAPDisplayName'=value}`
-To specify multiple values for an attribute:
+To specify multiple values for an attribute, separate the values with a comma:
`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}`
-To specify values for multiple attributes:
+To specify values for multiple attributes, separate the attributes with a semi-colon:
`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}`
@@ -318,6 +337,7 @@ Accept wildcard characters: False
```
### -PassThru
+
Returns an object representing the item with which you are working.
By default, this cmdlet does not generate any output.
@@ -334,6 +354,7 @@ Accept wildcard characters: False
```
### -Path
+
Specifies the X.500 path of the OU or container where the new object is created.
In many cases, a default value is used for the *Path* parameter if no value is specified.
@@ -342,22 +363,22 @@ Note that rules listed first are evaluated first and when a default value can be
In Active Directory Domain Services (AD DS) environments, a default value for *Path* is set in the following cases:
-- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this is used.
-For example: in New-ADUser, the *Path* parameter defaults to the Users container.
-- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain.
+- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used. For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
+- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain.
-In AD LDS environments, a default value for *Path* is set in the following cases:
+In AD LDS environments, a default value for *Path* is set in the following cases:
-- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this is used.
-For example: in New-ADUser, the *Path* parameter defaults to the Users container.
+- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used. For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context.
-To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
+ To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
- If none of the previous cases apply, the *Path* parameter does not take any default value.
-Note: The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property.
-However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container.
+> [!NOTE]
+> The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property.
+>
+> However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container.
```yaml
Type: String
@@ -372,9 +393,10 @@ Accept wildcard characters: False
```
### -PostalCode
+
Specifies the postal code or zip code.
This parameter sets the **PostalCode** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is postalCode.
+The LDAP display name (**ldapDisplayName**) of this property is `postalCode`.
```yaml
Type: String
@@ -389,6 +411,7 @@ Accept wildcard characters: False
```
### -ProtectedFromAccidentalDeletion
+
Indicates whether to prevent the object from being deleted.
When this property is set to $True, you cannot delete the corresponding object without changing the value of the property.
The acceptable values for this parameter are:
@@ -409,17 +432,18 @@ Accept wildcard characters: False
```
### -Server
+
Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance.
-Specify the AD DS instance in one of the following ways:
+Specify the AD DS instance in one of the following ways:
Domain name values:
- Fully qualified domain name
- NetBIOS name
-Directory server values:
+Directory server values:
- Fully qualified directory server name
- NetBIOS name
@@ -444,9 +468,10 @@ Accept wildcard characters: False
```
### -State
+
Specifies a state or province.
This parameter sets the **State** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is st.
+The LDAP display name (**ldapDisplayName**) of this property is `st`.
```yaml
Type: String
@@ -461,9 +486,10 @@ Accept wildcard characters: False
```
### -StreetAddress
+
Specifies a street address.
This parameter sets the **StreetAddress** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is street.
+The LDAP display name (**ldapDisplayName**) of this property is `street`.
```yaml
Type: String
@@ -478,6 +504,7 @@ Accept wildcard characters: False
```
### -WhatIf
+
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
@@ -494,20 +521,24 @@ Accept wildcard characters: False
```
### CommonParameters
+
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+
An OU object that is a template for the new OU object is received by the *Instance* parameter.
## OUTPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+
Returns the new OU object when the *PassThru* parameter is specified.
By default, this cmdlet does not generate any output.
## NOTES
+
* This cmdlet does not work with an Active Directory snapshot.
* This cmdlet does not work with a read-only domain controller.
@@ -518,4 +549,3 @@ By default, this cmdlet does not generate any output.
[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md)
[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md)
-
diff --git a/docset/winserver2016-ps/appx/Get-NonRemovableAppsPolicy.md b/docset/winserver2016-ps/appx/Get-NonRemovableAppsPolicy.md
index c485ad124b..536f7912dc 100644
--- a/docset/winserver2016-ps/appx/Get-NonRemovableAppsPolicy.md
+++ b/docset/winserver2016-ps/appx/Get-NonRemovableAppsPolicy.md
@@ -1,5 +1,6 @@
---
-audiencems.localizationpriority: ITPro
+audience: ITPro
+ms.localizationpriority: Low
description: Use this topic to help prevent the uninstall of specific Windows apps with Windows PowerShell.
external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml
Module Name: Appx
diff --git a/docset/winserver2016-ps/appx/Set-NonRemovableAppsPolicy.md b/docset/winserver2016-ps/appx/Set-NonRemovableAppsPolicy.md
index 4d5de39176..d671ebb3ee 100644
--- a/docset/winserver2016-ps/appx/Set-NonRemovableAppsPolicy.md
+++ b/docset/winserver2016-ps/appx/Set-NonRemovableAppsPolicy.md
@@ -1,5 +1,6 @@
---
-audiencems.localizationpriority: ITPro
+audience: ITPro
+ms.localizationpriority: Low
description: Use this topic to help prevent the uninstall of specific Windows apps with Windows PowerShell.
external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml
Module Name: Appx
diff --git a/docset/winserver2016-ps/hyper-v/Get-VMNetworkAdapter.md b/docset/winserver2016-ps/hyper-v/Get-VMNetworkAdapter.md
index 8c22b96d92..9ac6fab263 100644
--- a/docset/winserver2016-ps/hyper-v/Get-VMNetworkAdapter.md
+++ b/docset/winserver2016-ps/hyper-v/Get-VMNetworkAdapter.md
@@ -203,7 +203,7 @@ Accept wildcard characters: False
### -VM
Specifies the virtual machine whose virtual network adapters are to be retrieved.
-. The asterisk, "*", is the wildcard.
+The asterisk, "*", is the wildcard.
If it is specified the cmdlet returns virtual network adapters from every virtual machine in the system.
```yaml
diff --git a/docset/winserver2016-ps/iisadministration/IISAdministration.md b/docset/winserver2016-ps/iisadministration/IISAdministration.md
index 294a3261c1..716d538245 100644
--- a/docset/winserver2016-ps/iisadministration/IISAdministration.md
+++ b/docset/winserver2016-ps/iisadministration/IISAdministration.md
@@ -2,7 +2,7 @@
description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.
Download Help Link: https://aka.ms/winsvr-2016-pshelp
Help Version: 5.0.3.1
-Locale: en-uS
+Locale: en-US
Module Guid: 07640789-476a-4713-a091-f5b365129c32
Module Name: IISAdministration
ms.date: 12/20/2016
diff --git a/docset/winserver2016-ps/pki/Import-Certificate.md b/docset/winserver2016-ps/pki/Import-Certificate.md
index ea78965e77..7c558b222c 100644
--- a/docset/winserver2016-ps/pki/Import-Certificate.md
+++ b/docset/winserver2016-ps/pki/Import-Certificate.md
@@ -85,6 +85,8 @@ Accept wildcard characters: False
Specifies the path to a certificate file to be imported.
Acceptable formats include .sst, .p7b, and .cert files.
If the file contains multiple certificates, then each certificate will be imported to the destination store.
+The file must be in .sst format to import multiple certificates;
+otherwise, only the first certificate in the file will be imported.
```yaml
Type: String
diff --git a/docset/winserver2019-ps/activedirectory/About/About.md b/docset/winserver2019-ps/activedirectory/About/About.md
new file mode 100644
index 0000000000..449df28850
--- /dev/null
+++ b/docset/winserver2019-ps/activedirectory/About/About.md
@@ -0,0 +1,26 @@
+---
+description: About articles for the ActiveDirectory module.
+Help Version: 3.1.0.0
+Locale: en-US
+ms.date: 07/03/2024
+title: About articles
+---
+# About topics
+
+## Description
+
+About topics cover a range of concepts about PowerShell.
+
+## About Topics
+
+### [about_ActiveDirectory](about_ActiveDirectory.md)
+The Active Directory module is a command line interface for managing Active Directory.
+
+### [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md)
+Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+
+### [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md)
+The Active Directory module for Windows PowerShell objects have a range of identifying attributes that are used for search and retrieval.
+
+### [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md)
+Describes the object model of the Active Directory module for Windows PowerShell.
diff --git a/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory.md b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory.md
new file mode 100644
index 0000000000..1b7183dcd2
--- /dev/null
+++ b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory.md
@@ -0,0 +1,81 @@
+---
+title: about_ActiveDirectory
+ms.date: 04/22/2013
+description: The Active Directory module is a command line interface for managing Active Directory.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory
+
+## SHORT DESCRIPTION
+
+The Active Directory module is a command line interface for managing Active
+Directory.
+
+## LONG DESCRIPTION
+
+The Active Directory module for Windows PowerShell is for IT Professionals who
+are administering and interfacing with Active Directory. The Active Directory
+module provides an efficient way to complete many administrative,
+configuration, and diagnostic tasks across Active Directory Domain Services (AD
+DS) and Active Directory Lightweight Directory Services (AD LDS) instances in
+their environments. The Active Directory module includes a set of Windows
+PowerShell cmdlets and a provider. The provider exposes the Active Directory
+database through a hierarchical navigation system, which is very similar to the
+file system. As with drives in a file system, such as C:, you can connect
+Windows PowerShell drives to Active Directory domains and AD LDS, as well as
+Active Directory snapshots.
+
+### Coverage of Active Directory Module Cmdlets
+
+Create, Read, Update, and Delete actions are supported for Active Directory
+objects by cmdlets such as `New-ADUser`, `Get-ADOrganizationalUnit`,
+`Set-ADComputer`, and `Remove-ADUser`.
+
+Account and Password Policy Management are supported by cmdlets such as
+`Enable-ADAccount`, `Unlock-ADAccount`, `New-ADServiceAccount`,
+`Set-ADAccountControl`, and `Remove-ADFineGrainedPasswordPolicy`.
+
+Domain and Forest Management is supported by cmdlets such as `Get-ADForest`,
+`Set-ADForest`, `Set-ADForestMode`, `Enable-ADOptionalFeature`,
+`Get-ADDomainController`, and `Get-ADDomain`.
+
+### Listing the Active Directory Module Cmdlets
+
+To get a list of all of the Active Directory module cmdlets, run
+
+```powershell
+Get-Command -Module ActiveDirectory
+```
+
+### Getting Started
+
+Getting started with the Active Directory module for Windows PowerShell is as
+easy as clicking the following shortcut:
+
+Run the following command in any Windows PowerShell prompt to import the Active
+Directory module:
+
+```powershell
+Import-Module ActiveDirectory
+```
+
+### Overview and Conceptual Topics
+
+The first two of these topics offer a high level overview of the Active
+Directory module and the Active Directory Provider.
+
+- For a brief introduction to the Active Directory provider for Windows
+ PowerShell, see [ActiveDirectory](/powershell/module/activedirectory).
+- The following topics are conceptual support topics for the Active Directory
+ module cmdlets.
+ - For an introduction to the **Identity** parameter, which is used by the
+ Active Directory module cmdlets to identify objects in the directory, see
+ [about_ActiveDirectory_Identity](about_ActiveDirectory_Identity.md).
+ - For an introduction to the **Filter** parameter which is used by Active
+ Directory module cmdlets to search for objects in the directory, see
+ [about_ActiveDirectory_Filter](about_ActiveDirectory_Filter.md).
+ - For an introduction to the .NET Framework-based object model implemented by
+ the Active Directory module, see
+ [about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
diff --git a/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_Filter.md b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_Filter.md
new file mode 100644
index 0000000000..23a83c0a0a
--- /dev/null
+++ b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_Filter.md
@@ -0,0 +1,351 @@
+---
+title: about_ActiveDirectory_Filter
+ms.date: 04/22/2013
+description: Describes the syntax and behavior of the search filter supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Filter
+
+## SHORT DESCRIPTION
+
+Describes the syntax and behavior of the search filter supported by the Active
+Directory module for Windows PowerShell.
+
+## LONG DESCRIPTION
+
+Most get-AD* Active Directory module cmdlets use the Filter parameter to search
+for objects. The Filter parameter has been implemented to replace the function
+of the LDAP Filter and adds support for PowerShell variables, rich data types,
+improved error checking and an Active Directory extended form of the PowerShell
+Expression Language.
+
+
+- Support for LDAP Filter Syntax
+
+ The LDAP filter syntax is supported through the **LDAPFilter** parameter. You
+ will find LDAP filter examples along with the new Active Directory module
+ filter examples in the Filter Examples section of this topic.
+
+
+- Search Breadth and Depth
+
+ The breadth and depth of your filter-driven search can be modified by two
+ Active Directory module cmdlet parameters: **SearchBase** and **SearchScope**.
+
+ When within the context of the Active Directory provider, if the
+ **Searchbase** parameter is not specified, **SearchBase** will default to the
+ current path. When not running under the Active Directory provider, the
+ **SearchBase** will default to the server's **DefaultNamingContext**.
+
+ The **SearchScope** parameter defaults to the value `Subtree`, of the
+ enumerated type **ADSearchScope**.
+
+ For more information, see the **SearchBase** and **SearchScope** parameter
+ descriptions on any `Get-AD*` cmdlet.
+
+- Search Result Behavior
+
+ The behavior of the Active Directory module when returning results of a
+ search is modified by two cmdlet parameters: **ResultPageSize** and
+ **ResultSetSize**.
+
+ **ResultSetSize** controls the maximum number of returned objects.
+
+ **ResultPageSize** specifies the maximum number of objects for each returned
+ page of information.
+
+ See the **ResultPageSize** and **ResultSetSize** parameter descriptions on
+ any `Get-AD*` cmdlet for more information.
+
+
+- Timeout Behavior
+
+ The following statements specify timeout conditions within the Active
+ Directory module and describe what can be done about a timeout them.
+
+ The default Active Directory module timeout for all operations is 2
+ minutes.
+
+ For search operation, the Active Directory module uses paging control
+ with a 2-minute timeout for each page search.
+
+ > [!NOTE]
+ > Because a search may involve multiple server page requests the overall
+ > search time may exceed 2 minutes.
+
+ A **TimeoutException** error indicates that a timeout has occurred.
+
+ For a search operation, you can choose to use a smaller page size, set with
+ the **ResultPageSize** parameter, if you are getting a **TimeoutException**
+ error.
+
+ If after trying these changes you are still getting a **TimeoutException**
+ error, consider optimizing your filter using the guidance in the
+ Optimizing Filters section of this topic.
+
+
+- Optimizing Filters
+
+ You can enhance the search filter behavior by using these guidelines.
+
+ - Avoid using the **Recursive** parameter as it intensifies resource usage of
+ the search operation.
+ - Avoid using bitwise AND operators and bitwise OR operators. For more
+ information, see the Supported Operators section of this topic.
+ - Avoid using the logical NOT operator.
+ - Break down your search into multiple queries with narrower conditions.
+
+ For a full description of filter syntax and usage, see the Filter Syntax
+ section of this topic.
+
+
+## Filter Examples
+
+The following section shows many examples of filter use in common queries.
+
+### Example 1 - Get all entries:
+
+- LDAP Filter Equivalent: `(objectClass=*)`
+
+```powershell
+Get-ADObject -Filter 'ObjectClass -like "*"'
+```
+
+### Example 2 - Get entries containing "bob" somewhere in the common name
+
+- LDAP Filter Equivalent: `(cn=*bob*)`
+
+```powershell
+Get-ADObject -Filter 'CN -like "*bob*"'
+```
+
+### Example 3 - Get entries with a bad password count greater than five
+
+- LDAP Filter Equivalent: `(&(!badpwdcount<=5)(badpwdcount=*))`
+
+```powershell
+Get-ADUser -Filter 'badpwdcount -ge 5'
+```
+
+### Example 4 - Get all users with an e-mail attribute
+
+- LDAP Filter Equivalent: `(&(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -filter 'email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADObject -filter 'email -like "*" -and ObjectClass -eq "user"'
+```
+
+### Example 5 - Get all user entries with an e-mail attribute and a surname equal to "smith":
+
+- LDAP Filter Equivalent: `(&(sn=smith)(objectClass=user)(email=*))`
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and SurName -eq "smith"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -like "*" -and sn -eq "smith"'
+```
+
+
+### Example 6 - Get all user entries with a common name that starts with "andy" and users with a common name of "steve" or "margaret"
+
+- LDAP Filter Equivalent: `(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))`
+
+```powershell
+Get-ADUser -Filter 'CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret"'
+```
+
+
+This example demonstrates a more complex logic and the use of precedence
+control via parenthesis.
+
+```powershell
+Get-ADObject -Filter 'objectClass -eq "user" -and (CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret")'
+```
+
+### Example 7 - Get all entries without an e-mail attribute
+
+- LDAP Filter Equivalent: `(!(email=*))`
+
+```powershell
+Get-ADUser -Filter '-not Email -like "*"'
+```
+
+-or-
+
+```powershell
+Get-ADUser -Filter 'Email -notlike "*"'
+```
+
+### Example 8 - Get all users who did not logon since January 1, 2007
+
+- LDAP Filter Equivalent: `(&(lastlogon<=X)(objectClass=user))` where X is
+ number of 100-nanosecond slices since Jan 1st 1601
+
+```powershell
+$date = new-object System.DateTime -ArgumentList @(2007,1,1,0,0,0)
+Get-ADUser -Filter '-not LastLogon -le $date'
+```
+
+### Example 9 - Get all users who have logged on in the last 5 days
+
+- LDAP Filter Equivalent:
+
+ ```
+ (&(lastLogon>=128812906535515110)
+ (objectClass=user)(!(objectClass=computer)))
+ ```
+
+```powershell
+$date = (get-date) - (new-timespan -days 5)
+Get-ADUser -Filter 'lastLogon -gt $date'
+```
+
+### Example 10 - Search for group objects that have the ADS_GROUP_TYPE_SECURITY_ENABLED flag set
+
+- LDAP Filter Equivalent:
+ `(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))`
+
+The following example query string searches for group objects that have the
+ADS_GROUP_TYPE_SECURITY_ENABLED flag set. Be aware that the decimal value of
+ADS_GROUP_TYPE_SECURITY_ENABLED (0x80000000 = 2147483648) is used for the
+comparison value.
+
+```powershell
+Get-ADGroup -filter 'groupType -band 0x80000000'
+```
+
+### Example 11 - Search the ancestry of an object
+
+- LDAP Filter Equivalent:
+ `(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x)))`
+
+The LDAP_MATCHING_RULE_IN_CHAIN is a matching rule OID that is designed to
+provide a method to look up the ancestry of an object. Many applications using
+Active Directory and AD LDS usually work with hierarchical data, which is
+ordered by parent-child relationships. Previously, applications performed
+transitive group expansion to figure out group membership, which used a lot of
+network bandwidth. Applications made multiple round-trips to figure out if an
+object fell "in the chain" if a link were traversed through to the end.
+
+An example of such a query is one designed to check if a user, "user1" is a
+member of group "group1". "user1" may not be a direct member of group1. It
+could be a member of some other group, which is a member of "group1".
+
+You would set the base to the user DN and the scope to base, and use the query:
+
+```powershell
+Get-ADUser -Filter 'memberOf -RecursiveMatch "CN=Administrators, CN=Builtin,DC=Fabrikam,DC=com"' -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"
+```
+
+## Filter Syntax
+
+The following syntax descriptions use Backus-Naur form to show the PowerShell
+Expression Language for the Filter parameter.
+
+```Syntax
+ ::= "{" "}"
+
+ ::= |
+ |
+
+
+ ::= |
+ "(" ")"
+
+ ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt" |
+ "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" |
+ "-notlike"
+
+ ::= "-and" | "-or"
+
+ ::= "-not"
+
+ ::= |
+
+::= < this value will be compared to the object data for
+ attribute using the specified filter operator
+```
+
+
+## Supported Operators
+
+The following table shows frequently used search filter operators.
+
+| Operator | Description | LDAP Equivalent |
+| ----------------- | -------------------------------------- | -------------------------- |
+| `-eq` | Equal to. Wildcards not supported. | = |
+| `-ne` | Not equal to. Wildcards not supported. | !x = y |
+| `-approx` | Approximately equal to | ~= |
+| `-le` | Lexicographically less than | <= |
+| | or equal to | |
+| `-lt` | Lexicographically less than | !x >= y |
+| `-ge` | Lexicographically greater | >= |
+| | than or equal to | |
+| `-gt` | Lexicographically greater than | !x <= y |
+| | | |
+| `-and` | AND | & |
+| `-or` | OR | |
+| `-not` | NOT | ! |
+| `-bor` | Bitwise OR | :1.2.840.113556.1.4.804:= |
+| `-band` | Bitwise AND | :1.2.840.113556.1.4.803:= |
+| `-recursivematch` | Use LDAP_MATCHING_RULE_IN_CHAIN | :1.2.840.113556.1.4.1941:= |
+| `-like` | Similar to `-eq` and supports | = |
+| | wildcard comparison. The only | |
+| | wildcard character supported is: `*` | |
+| `-notlike` | Not like. Supports wild | !x = y |
+| | card comparison. | |
+
+> [!NOTE]
+> PowerShell wildcards, other than "*", such as "?" are not supported by the
+> **Filter** parameter syntax.
+
+### Operator Precedence
+
+The following listing shows the precedence of operators for filters from
+highest to lowest.
+
+- Highest precedence: `-eq`, `-ge`, `-le`, `-approx`, `-band`, `-bor`,
+ `-recursivematch`, `-ne`, `-like`, `-not`, `-and`
+- Lowest precedence: `-or`
+
+### Special Characters
+
+The following escape sequence should be used for specifying special characters
+in AD Filter STRING data, that is, data enclosed in double or single quotes.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | --------------------------------------------------- |
+| `"` | `` `" `` (This escape sequence is only required if |
+| | STRING data is enclosed in double quotes.) |
+| `'` | `''` (This escape sequence is only required if |
+| | STRING data is enclosed in single quotes.) |
+| NUL | `\00` (This is a standard LDAP escape sequence.) |
+| `\` | `\5c` (This is a standard LDAP escape sequence.) |
+
+### LDAP Special Characters
+
+ADFilter parser will automatically convert all the below characters found in
+STRING data, that is data enclosed in " " or ' ' to their LDAP escape sequence.
+End users need not know about these LDAP escape sequence.
+
+| ASCII Character | Escape sequence substitute |
+| --------------- | ----------------------------------------------- |
+| `*` | `\2a` (Character `*` will only be converted in |
+| | -eq and -ne comparisons Users should use |
+| | -like and -notlike operators for wildcard |
+| | comparison.) |
+| `(` | `\28` |
+| `)` | `\29` |
+| `/` | `\2f` |
diff --git a/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_Identity.md b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_Identity.md
new file mode 100644
index 0000000000..c007277b19
--- /dev/null
+++ b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_Identity.md
@@ -0,0 +1,196 @@
+---
+title: about_ActiveDirectory_Identity
+ms.date: 04/22/2013
+description: This article lists the identifying attributes that are used for search and retrieval supported by the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_Identity
+
+## SHORT DESCRIPTION
+
+The Active Directory module for Windows PowerShell objects have a range of
+identifying attributes that are used for search and retrieval.
+
+## LONG DESCRIPTION
+
+In order to identify the objects in Active Directory, each object has
+attributes that can be used as identifiers. In the Active Directory module, the
+value of the identity of an object can be passed using the Identity parameter.
+Each object type has its own set of possible types and values for use by the
+Identity parameter. See the detailed description of the Identity parameter of
+the given cmdlet for more information about its usage.
+
+When searching with the Active Directory module cmdlets, the value of the
+Identity parameter, along with the values of the Server and Partition
+parameters, is used to uniquely identify a single object. The Server parameter
+is used to locate which server to connect with. The Partition parameter further
+narrows the search to a specific partition. The Identity parameter then
+resolves to a single unique object in the partition.
+
+Note that using the Security Accounts Manager (SAM) Account Name
+(**sAMAccountName**) when targeting a global catalog port, you will not find a
+user in a different domain if you are using the Identity parameter
+
+If more than one object is found using identity resolution, the Active
+Directory module throws an error.
+
+For more information about the Server and Partition parameters, see the help
+topics for the individual cmdlets where they are used, such as `Get-ADUser`, by
+typing:
+
+```powershell
+Get-Help Get-ADUser
+```
+
+### Objects and Identities
+
+Each object has a list of attributes that can be used as an identity for that
+object. Additionally, if the object inherits from another object, then the
+parent object's identities can also be used as the child object's identities.
+For more information on the Active Directory object hierarchy, see
+[about_ActiveDirectory_ObjectModel](about_ActiveDirectory_ObjectModel.md).
+
+> [!NOTE]
+> For Active Directory Provider cmdlets, only an object's 'Distinguished Name'
+> or 'Relative Distinguished Name' can be used as the identity. For a list of
+> Active Directory Provider cmdlets, see ActiveDirectory.
+
+### Identity Attributes
+
+The following is a list of identity attributes by object type.
+
+- ADAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADComputer
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager Account Name (sAMAccountName)
+
+- ADDirectoryServer
+ - Name of the server object (name)
+ - For AD LDS instances the syntax of a name is `$`
+ - For other Active Directory instances, use the value of the name property.
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the directory
+ server.
+ - GUID (objectGUID) of server object under the configuration partition.
+ - GUID (objectGUID) of NTDS settings object under the configuration partition
+
+- ADDomain
+ - Distinguished Name
+ - GUID
+ - Security Identifier
+ - DNS domain name
+ - NetBIOS domain name
+
+- ADDomainController
+ - GUID (objectGUID)
+ - IPV4Address
+ - Global IPV6Address
+ - DNS Host Name (dNSHostName)
+ - Name of the server object
+ - Distinguished Name of the NTDS Settings object
+ - Distinguished Name of the server object that represents the domain controller
+ - GUID of NTDS settings object under the configuration partition
+ - GUID of server object under the configuration partition
+ - Distinguished Name of the computer object that represents the domain controller.
+
+- ADFineGrainedPasswordPolicy
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Name (name)
+
+- ADForest
+ - Fully qualified domain name
+ - DNS host name
+ - NetBIOS name
+
+- ADGroup
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - Security Accounts Manager (SAM) Account Name (sAMAccountName)
+
+- ADObject
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADOptionalFeature
+ - Distinguished Name
+ - Name (name)
+ - Feature GUID (featureGUID)
+ - GUID (objectGUID)
+
+- ADOrganizationalUnit
+ - Distinguished Name
+ - GUID (objectGUID)
+
+- ADPrincipal
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADServiceAccount
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM Account Name (sAMAccountName)
+
+- ADUser
+ - Distinguished Name
+ - GUID (objectGUID)
+ - Security Identifier (objectSid)
+ - SAM User Name (sAMUserName)
+
+
+### Identities Formats
+
+Active Directory module objects have a range of identity attributes. Below is a
+list of these, their types and formats.
+
+- Distinguished Name
+ - Example: CN=SaraDavis,CN=Europe,CN=Users, DC=corp,DC=contoso,DC=com
+
+- DNS domain name
+ - Example: redmond.corp.contoso.com
+
+- DNS Host Name (dNSHostName)
+ - Example: corp-DC01.corp.contoso.com
+
+- Feature GUID (featureGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- Fully qualified domain name
+ - Example: corp.contoso.com
+
+- Global IPV6Address
+ - Example: 2001:4898:0:fff:200:5efe:157.59.132.61
+
+- GUID (objectGUID)
+ - Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
+
+- IPV4Address
+ - Example:157.59.132.61
+
+- NetBIOS domain name
+ - Example: redmond
+
+- Name of the server object
+ - Example: corp-DC01$
+
+- SAM Account Name (sAMAccountName)
+ - Example: saradavisreports
+
+- Security Identifier (objectSid)
+ - Example: S-1-5-21-3165297888-301567370-576410423-1103
+
+- Name
+ - Example: Recycle Bin Feature
diff --git a/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
new file mode 100644
index 0000000000..8535a97464
--- /dev/null
+++ b/docset/winserver2019-ps/activedirectory/About/about_ActiveDirectory_ObjectModel.md
@@ -0,0 +1,595 @@
+---
+title: about_ActiveDirectory_ObjectModel
+ms.date: 04/22/2013
+description: Describes the object model of the Active Directory module for Windows PowerShell.
+Locale: en-US
+schema: 2.0.0
+---
+
+# about_ActiveDirectory_ObjectModel
+
+## SHORT DESCRIPTION
+Describes the object model of the Active Directory module for Windows
+PowerShell.
+
+## LONG DESCRIPTION
+
+This topic explains the Active Directory module classes and their properties
+used to model actual Active Directory attributes. It also outlines the class
+hierarchy constructed from its Active Directory counterpart. The object model
+establishes a data foundation for all the operations supported by Active
+Directory module cmdlets.
+
+### Class Hierarchy
+
+The following list shows the class hierarchy defined in the Active Directory
+module object model, with class inheritance implied by indentation. This
+inheritance model allows for Active Directory cmdlets to accept a range of
+object types as input. This means, for example, that the cmdlet
+Get-ADPrincipalGroupMembership can accept as input any of the following
+objects: ADGroup, ADAccount, ADComputer, ADServiceAccount or ADUser. This works
+because of the inheritance model and guarantees that an ADUser object has all
+of the properties of an ADPrincipal object.
+
+```
+ADEntity
+ ADRootDSE
+ ADObject
+ ADFineGrainedPasswordPolicy
+ ADOptionalFeature
+ ADOrganizationalUnit
+ ADPartition
+ ADDomain
+ ADPrincipal
+ ADAccount
+ ADComputer
+ ADServiceAccount
+ ADUser
+ ADGroup
+ ADDefaultDomainPasswordPolicy
+ ADForest
+ ADDirectoryServer
+ ADDomainController
+```
+
+### Active Directory Module Classes
+
+The following listing shows every Active Directory module class from the class
+hierarchy listing. Each class defines a set of properties, some of which are
+LDAP attributes that are retrieved by default and some are new properties
+created specifically for the Active Directory module. These new properties are
+derived from one or more LDAP attributes as outlined in the class listings.
+
+
+- ADEntity - The base level class from which all other classes are derived.
+ - ADRootDSE - Represents the rootDSE and is derived from ADEntity. An
+ ADRootDSE may contain the following properties in addition to those
+ inherited from its parent.
+ - ConfigurationNamingContext - A property of type System.String, derived
+ from the directory attribute ConfigurationNamingContext
+ - CurrentTime - A property of type System.DateTime, derived from the
+ directory attribute CurrentTime
+ - DefaultNamingContext - A property of type System.String, derived from the
+ directory attribute DefaultNamingContext
+ - DnsHostName - A property of type System.String, derived from the
+ directory attribute DnsHostName
+ - DomainControllerFunctionality - A property of type
+ ADDomainControllerMode, derived from the directory attribute
+ DomainControllerFunctionality
+ - DomainFunctionality - A property of type ADDomainMode, derived from the
+ directory attribute DomainFunctionality
+ - DsServiceName - A property of type System.String, derived from the
+ directory attribute DsServiceName
+ - ForestFunctionality - A property of type ADForestMode, derived from the
+ directory attribute ForestFunctionality
+ - GlobalCatalogReady - A property of type System.Boolean, derived from the
+ directory attribute GlobalCatalogReady
+ - HighestCommittedUSN - A property of type System.Long, derived from the
+ directory attribute HighestCommittedUSN
+ - LdapServiceName - A property of type System.String, derived from the
+ directory attribute LdapServiceName
+ - NamingContexts - A property of type System.String, derived from the
+ directory attribute NamingContexts
+ - RootDomainNamingContext - A property of type System.String, derived from
+ the directory attribute RootDomainNamingContext
+ - SchemaNamingContext - A property of type System.String, derived from the
+ directory attribute SchemaNamingContext
+ - ServerName - A property of type System.String, derived from the directory
+ attribute ServerName
+ - SubschemaSubentry - A property of type ADObject, derived from the
+ directory attribute SubschemaSubentry
+ - SupportedCapabilities - A property of type ADObjectIdentifier, derived
+ from the directory attribute SupportedCapabilities
+ - SupportedControl - A property of type ADObjectIdentifier, derived from
+ the directory attribute SupportedControl
+ - SupportedLDAPPolicies - A property of type System.String, derived from
+ the directory attribute SupportedLDAPPolicies
+ - SupportedLDAPVersion - A property of type System.Int, derived from the
+ directory attribute SupportedLDAPVersion
+ - SupportedRootDSEOperations - A property of type
+ ADPropertyValueCollection, derived from the directory attribute
+ SupportedRootDSEOperations
+ - SupportedSASLMechanisms - A property of type System.String, derived from
+ the directory attribute SupportedSASLMechanisms
+ - Syncronized - A property of type System.Boolean, derived from the
+ directory attribute IsSynchronized.
+ - ADObject - Represents any object in Active Directory and is derived from
+ ADEntity. An ADObject may contain the following properties in addition to
+ those inherited from its parent.
+ - CanonicalName - A property of type System.String, derived from the
+ directory attribute: canonicalName
+ - CN - A property of type System.String, derived from the directory
+ attribute: cn
+ - Created - A property of type System.DateTime, derived from the directory
+ attribute: createTimeStamp
+ - Deleted - A property of type System.Boolean, derived from the directory
+ attribute: isDeleted
+ - Description - A property of type System.String, derived from the
+ directory attribute: description
+ - DisplayName - A property of type System.String, derived from the
+ directory attribute: displayName
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LastKnownParent - A property of type System.String, derived from the
+ directory attribute: lastKnownParent
+ - Modified - A property of type System.DateTime, derived from the directory
+ attribute: modifyTimeStamp
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - ObjectCategory - A property of type System.String, derived from the
+ directory attribute: objectCategory
+ - ObjectClass - A property of type System.String, derived from the
+ directory attribute: objectClass
+ - ObjectGUID - A property of type System.Guid, derived from the directory
+ attribute: objectGUID
+ - ProtectedFromAccidentalDeletion - A property of type System.Boolean,
+ derived from the directory attributes: nTSecurityDescriptor,
+ sdRightsEffective, instanceType, isDeleted
+ - ADFineGrainedPasswordPolicy Represents a fine grained password policy
+ object; that is, an AD object of type msDS-PasswordSettings in AD DS and
+ is derived from ADObject. This class is not supported by AD LDS. An
+ ADFineGrainedPasswordPolicy may contain the following properties in
+ addition to those inherited from its parent.
+ - AppliesTo - A property of type System.String, derived from the
+ directory attribute: msDS-PSOAppliesTo
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: msDS-PasswordComplexityEnabled
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-LockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: msDS-LockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: msDS-LockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MaximumPasswordAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: msDS-MinimumPasswordAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: msDS-MinimumPasswordLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from
+ the directory attribute: msDS-PasswordHistoryLength
+ - Precedence - A property of type System.Int32, derived from the
+ directory attribute: msDS-PasswordSettingsPrecedence
+ - ReversibleEncryptionEnabled - A property of type System.Boolean,
+ derived from the directory attribute:
+ msDS-PasswordReversibleEncryptionEnabled
+ - ADOptionalFeature Represents an optional feature, an Active Directory
+ object of type msDS-OptionalFeature, and is derived from ADObject. An
+ ADOptionalFeaturemay contain the following properties in addition to
+ those inherited from its parent.
+ - EnabledScopes - A property of type System.String, derived from the
+ directory attribute: msDS-EnabledFeatureBL
+ - FeatureGUID - A property of type System.Guid, derived from the
+ directory attribute: msDS-OptionalFeatureGUID
+ - FeatureScope - A property of type System.Int32, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - IsDisableable - A property of type System.Boolean, derived from the
+ directory attribute: msDS-OptionalFeatureFlags
+ - RequiredDomainMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADDomainMode, derived from the
+ directory attribute: msDS-RequiredDomainBehaviorVersion
+ - RequiredForestMode - A property of type
+ Microsoft.ActiveDirectory.Management.ADForestMode, derived from the
+ directory attribute: msDS-RequiredForestBehaviorVersion
+ - ADOrganizationalUnit Represents an organizationalUnit (OU) object and is
+ derived from ADObject. An ADOrganizationalUnit may contain the following
+ properties in addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the directory
+ attribute: l
+ - Country - A property of type System.String, derived from the directory
+ attribute: c
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: gpLink. This property is not supported on
+ AD LDS.
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - State - A property of type System.String, derived from the directory
+ attribute: st
+ - StreetAddress - A property of type System.String, derived from the
+ directory attribute: street
+ - ADPartition - Represents a naming context, Configuration, Schema, Domain
+ or Application Partition(ND NC) and is derived from ADObject. This class
+ is not supported by AD LDS. An ADPartition may contain the following
+ properties in addition to those inherited from its parent.
+ - DeletedObjectsContainer - A property of type System.String, derived
+ from the directory attribute: DeletedObjectsContainer
+ - DNSRoot - A property of type System.String, derived from the directory
+ attribute: DNSRoot
+ - LostAndFoundContainer - A property of type System.String, derived from
+ the directory attribute: LostAndFoundContainer
+ - QuotasContainer - A property of type System.String, derived from the
+ directory attribute: QuotasContainer
+ - ReadOnlyReplicaDirectoryServers - A property of type System.String,
+ derived from the directory attribute: ReadOnlyReplicaDirectoryServers
+ - ReplicaDirectoryServers - A property of type System.String, derived
+ from the directory attribute: ReplicaDirectoryServers
+ - SubordinateReferences - A property of type System.String, derived from
+ the directory attribute: SubordinateReferences
+ - ADDomain - Represents a domain in AD DS or an instance in AD LDS; for
+ example, an Active Directory object of type domainDNS and is derived
+ from ADPartition. This class is not supported by AD LDS. An ADDomain
+ may contain the following properties in addition to those inherited
+ from its parent.
+ - AllowedDNSSuffixes - A property of type System.String, derived from
+ the directory attribute: msDS-AllowedDNSSuffixes
+ - ChildDomains - A property of type System.String, derived from the
+ directory attribute: ChildDomains
+ - ComputersContainer - A property of type System.String, derived from
+ the directory attribute: ComputersContainer
+ - DomainControllersContainer - A property of type System.String,
+ derived from the directory attribute: DomainControllersContainer
+ - DomainMode - A property of type System.Int32, derived from the
+ directory attribute: msDS-Behavior-Version
+ - DomainSID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - ForeignSecurityPrincipalsContainer - A property of type
+ System.String, derived from the directory attribute:
+ ForeignSecurityPrincipalsContainer
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - InfrastructureMaster - A property of type System.String, derived from
+ the directory attribute: InfrastructureMaster
+ - LastLogonReplicationInterval - A property of type System.TimeSpan,
+ derived from the directory attribute: msDS-LogonTimeSyncInterval
+ - LinkedGroupPolicyObjects - A property of type System.String, derived
+ from the directory attribute: LinkedGroupPolicyObjects
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - NetBIOSName - A property of type System.String, derived from the
+ directory attribute: NetBIOSName
+ - ParentDomain - A property of type System.String, derived from the
+ directory attribute: ParentDomain
+ - PDCEmulator - A property of type System.String, derived from the
+ directory attribute: PDCEmulator
+ - RIDMaster - A property of type System.String, derived from the
+ directory attribute: RIDMaster
+ - SystemsContainer - A property of type System.String, derived from the
+ directory attribute: SystemsContainer
+ - UsersContainer - A property of type System.String, derived from the
+ directory attribute: UsersContainer
+ - ADPrincipal - Represents a security principal, which is an Active
+ Directory object of type user, computer, group or iNetOrgPerson and is
+ derived from ADObject. An ADPrincipal may contain the following
+ properties in addition to those inherited from its parent.
+ - HomePage - A property of type System.String, derived from the
+ directory attribute: wWWHomePage
+ - MemberOf - A property of type System.String, derived from the
+ directory attribute: memberOf
+ - SamAccountName - A property of type System.String, derived from the
+ directory attribute: sAMAccountName. This property is not supported
+ for AD LDS.
+ - SID - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: objectSid
+ - SIDHistory - A property of type
+ System.Security.Principal.SecurityIdentifier, derived from the
+ directory attribute: sIDHistory. This property is not supported for
+ AD LDS.
+ - ADAccount - Represents a security account; that is, an Active
+ Directory object of type user, computer or iNetOrgPerson and is
+ derived from ADPrincipal. An ADAccount may contain the following
+ properties in addition to those inherited from its parent.
+ - AccountExpirationDate - A property of type System.DateTime, derived
+ from the directory attribute: accountExpires
+ - AccountLockoutTime - A property of type System.DateTime, derived
+ from the directory attribute: lockoutTime
+ - AccountNotDelegated - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - AllowReversiblePasswordEncryption - A property of type
+ System.Boolean, for AD DS it is derived from the directory
+ attribute: userAccountControl; for AD LDS it is derived from the
+ directory attribute: ms-DS-UserEncryptedTextPasswordAllowed
+ - BadLogonCount - A property of type System.Int32, derived from the
+ directory attribute: badPwdCount
+ - CannotChangePassword - A property of type System.Boolean, derived
+ from the directory attribute: nTSecurityDescriptor
+ - Certificates - A property of type
+ System.Security.Cryptography.X509Certificates.X509Certificate,
+ derived from the directory attribute: userCertificate
+ - DoesNotRequirePreAuth - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - Enabled - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserAccountDisabled
+ - HomedirRequired - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - LastBadPasswordAttempt - A property of type System.DateTime,
+ derived from the directory attribute: badPasswordTime
+ - LastLogonDate - A property of type System.DateTime, derived from
+ the directory attribute: lastLogonTimestamp
+ - LockedOut - A property of type System.Boolean, for AD DS it is
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed, lockoutTime; for AD LDS it is
+ derived from the directory attribute msDS-UserAccountDisabled
+ - MNSLogonAccount - A property of type System.Boolean, derived from
+ the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - PasswordExpired - A property of type System.Boolean, for AD DS it
+ is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute msDS-UserPasswordExpired
+ - PasswordLastSet - A property of type System.DateTime, derived from
+ the directory attribute: pwdLastSet
+ - PasswordNeverExpires - A property of type System.Boolean, for AD
+ LDS it is derived from the directory attributes:
+ userAccountControl, msDS-User-Account-Control-Computed; for AD LDS
+ it is derived from the directory attribute:
+ msDS-UserDontExpirePassword
+ - PasswordNotRequired - A property of type System.Boolean, for AD DS
+ it is derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed; for AD LDS it is derived from
+ the directory attribute: ms-DS-UserPasswordNotRequired
+ - PrimaryGroup - A property of type System.String, derived from the
+ directory attributes: primaryGroupID, objectSid. This property is
+ not supported by AD LDS.
+ - ServicePrincipalNames - A property of type System.String, derived
+ from the directory attribute: servicePrincipalName. This property
+ is not supported by AD LDS.
+ - TrustedForDelegation - A property of type System.Boolean, derived
+ from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - TrustedToAuthForDelegation - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UseDESKeyOnly - A property of type System.Boolean, derived from the
+ directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not supported
+ by AD LDS.
+ - UserPrincipalName - A property of type System.String, derived from
+ the directory attribute: userPrincipalName
+ - ADComputer - Represents a computer and is derived from ADAccount.
+ An ADComputer may contain the following properties in addition to
+ those inherited from its parent.
+ - DNSHostName - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: dNSHostName
+ - Location - A property of type System.String, derived from the
+ directory attribute: location
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - OperatingSystem - A property of type System.String, derived from
+ the directory attribute: operatingSystem
+ - OperatingSystemHotfix - A property of type System.String, derived
+ from the directory attribute: operatingSystemHotfix
+ - OperatingSystemServicePack - A property of type System.String,
+ derived from the directory attribute: operatingSystemServicePack
+ - OperatingSystemVersion - A property of type System.String,
+ derived from the directory attribute: operatingSystemVersion
+ - ServiceAccount - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccount
+ - ADServiceAccount - Represents a managed service account; that is,
+ an Active Directory object of type msDS-ManagerdServiceAccount and
+ is derived from ADAccount. This class is not supported by AD LDS.
+ An ADServiceAccount may contain the following properties in
+ addition to those inherited from its parent.
+ - HostComputers - A property of type System.String, derived from
+ the directory attribute: msDS-HostServiceAccountBL
+ - ADUser - Represents a user (or iNetOrgPerson) and is derived from
+ ADAccount. An ADUser may contain the following properties in
+ addition to those inherited from its parent.
+ - City - A property of type System.String, derived from the
+ directory attribute: l
+ - Company - A property of type System.String, derived from the
+ directory attribute: company
+ - Country - A property of type System.String, derived from the
+ directory attribute: c
+ - Department - A property of type System.String, derived from the
+ directory attribute: department
+ - Division - A property of type System.String, derived from the
+ directory attribute: division
+ - EmailAddress - A property of type System.String, derived from the
+ directory attribute: mail
+ - EmployeeID - A property of type System.String, derived from the
+ directory attribute: employeeID
+ - EmployeeNumber - A property of type System.String, derived from
+ the directory attribute: employeeNumber
+ - Fax - A property of type System.String, derived from the
+ directory attribute: facsimileTelephoneNumber
+ - GivenName - A property of type System.String, derived from the
+ directory attribute: givenName
+ - HomeDirectory - A property of type System.String, derived from
+ the directory attribute: homeDirectory. This property is not
+ supported by AD LDS.
+ - HomeDrive - A property of type System.String, derived from the
+ directory attribute: homeDrive. This property is not supported by
+ AD LDS.
+ - HomePhone - A property of type System.String, derived from the
+ directory attribute: homePhone
+ - Initials - A property of type System.String, derived from the
+ directory attribute: initials
+ - LogonWorkstations - A property of type System.String, derived
+ from the directory attribute: userWorkstations. This property is
+ not supported by AD LDS.
+ - Manager - A property of type System.String, derived from the
+ directory attribute: manager
+ - MobilePhone - A property of type System.String, derived from the
+ directory attribute: mobile
+ - Office - A property of type System.String, derived from the
+ directory attribute: physicalDeliveryOfficeName
+ - OfficePhone - A property of type System.String, derived from the
+ directory attribute: telephoneNumber
+ - Organization - A property of type System.String, derived from the
+ directory attribute: o
+ - OtherName - A property of type System.String, derived from the
+ directory attribute: middleName
+ - POBox - A property of type System.String, derived from the
+ directory attribute: postOfficeBox
+ - PostalCode - A property of type System.String, derived from the
+ directory attribute: postalCode
+ - ProfilePath - A property of type System.String, derived from the
+ directory attribute: profilePath. This property is not supported
+ by AD LDS.
+ - ScriptPath - A property of type System.String, derived from the
+ directory attribute: scriptPath. This property is not supported
+ by AD LDS.
+ - SmartcardLogonRequired - A property of type System.Boolean,
+ derived from the directory attributes: userAccountControl,
+ msDS-User-Account-Control-Computed. This property is not
+ supported by AD LDS.
+ - State - A property of type System.String, derived from the
+ directory attribute: st
+ - StreetAddress - A property of type System.String, derived from
+ the directory attribute: streetAddress
+ - Surname - A property of type System.String, derived from the
+ directory attribute: sn
+ - Title - A property of type System.String, derived from the
+ directory attribute: title
+ - ADGroup -Represents a group and is derived from ADPrincipal. An
+ ADGroup may contain the following properties in addition to those
+ inherited from its parent.
+ - GroupCategory - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupCategory, derived from
+ the directory attribute: groupType
+ - GroupScope - A property of type
+ Microsoft.ActiveDirectory.Management.ADGroupScope, derived from the
+ directory attribute: groupType
+ - ManagedBy - A property of type System.String, derived from the
+ directory attribute: managedBy
+ - Members - A property of type System.String, derived from the
+ directory attribute: member
+ - ADDefaultDomainPasswordPolicy - Represents the domain-wide password policy
+ of an Active Directory domain and is derived from ADEntity. This class is
+ not supported by AD LDS. An ADDefaultDomainPasswordPolicy may contain the
+ following properties in addition to those inherited from its parent.
+ - ComplexityEnabled - A property of type System.Boolean, derived from the
+ directory attribute: pwdProperties
+ - DistinguishedName - A property of type System.String, derived from the
+ directory attribute: distinguishedName
+ - LockoutDuration - A property of type System.TimeSpan, derived from the
+ directory attribute: lockoutDuration
+ - LockoutObservationWindow - A property of type System.TimeSpan, derived
+ from the directory attribute: lockoutObservationWindow
+ - LockoutThreshold - A property of type System.Int32, derived from the
+ directory attribute: lockoutThreshold
+ - MaxPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: maxPwdAge
+ - MinPasswordAge - A property of type System.TimeSpan, derived from the
+ directory attribute: minPwdAge
+ - MinPasswordLength - A property of type System.Int32, derived from the
+ directory attribute: minPwdLength
+ - PasswordHistoryCount - A property of type System.Int32, derived from the
+ directory attribute: pwdHistoryLength
+ - ReversibleEncryptionEnabled - A property of type System.Boolean, derived
+ from the directory attribute: pwdProperties
+ - ADForest - Represents a Active Directory forest in AD DS or a Configuration
+ Set in AD LDS and is derived from ADEntity. This class is not supported by
+ AD LDS. An ADForest may contain the following properties in addition to
+ those inherited from its parent.
+ - ApplicationPartitions - A property of type System.String, derived from
+ the directory attribute: ApplicationPartitions
+ - CrossForestReferences - A property of type System.String, derived from
+ the directory attribute: CrossForestReferences
+ - DomainNamingMaster - A property of type System.String, derived from the
+ directory attribute: DomainNamingMaster
+ - Domains - A property of type System.String, derived from the directory
+ attribute: Domains
+ - ForestMode - A property of type System.Int32, derived from the directory
+ attribute: msDS-Behavior-Version
+ - GlobalCatalogs - A property of type System.String, derived from the
+ directory attribute: GlobalCatalogs
+ - Name - A property of type System.String, derived from the directory
+ attribute: name
+ - PartitionContainerName - A property of type System.String, derived from
+ the directory attribute: distinguishedName
+ - RootDomain - A property of type System.String, derived from the directory
+ attribute: RootDomain
+ - SchemaMaster - A property of type System.String, derived from the
+ directory attribute: SchemaMaster
+ - Sites - A property of type System.String, derived from the directory
+ attribute: Sites
+ - SPNSuffixes - A property of type System.String, derived from the
+ directory attribute: msDS-SPNSuffixes
+ - UPNSuffixes - A property of type System.String, derived from the
+ directory attribute: uPNSuffixes
+ - ADDirectoryServer - Represents a directory server used as either a domain
+ controller or an AD LDS instance and is derived from ADEntity. An
+ ADDirectoryServer may contain the following properties in addition to those
+ inherited from its parent.
+ - DefaultPartition - A property of type System.String, derived from the
+ directory attribute: DefaultPartition
+ - HostName - A property of type System.String, derived from the directory
+ attribute: HostName
+ - InvocationId - A property of type System.Guid, derived from the directory
+ attribute: InvocationId
+ - IPv4Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - IPv6Address - A property of type System.String, derived from the
+ directory attribute: HostName
+ - LdapPort - A property of type System.Int32, derived from the directory
+ attribute: LdapPort
+ - Name - A property of type System.String, derived from the directory
+ attribute: Name
+ - NTDSSettingsObjectDN - A property of type System.String, derived from the
+ directory attribute: NTDSSettingsObjectDN
+ - OperationMasterRoles - A property of type
+ Microsoft.ActiveDirectory.Management.ADOperationMasterRole, derived from
+ the directory attribute: OperationMasterRole
+ - Partitions - A property of type System.String, derived from the directory
+ attribute: Partitions
+ - ServerObjectDN - A property of type System.String, derived from the
+ directory attribute: ServerObjectDN
+ - ServerObjectGuid - A property of type System.Guid, derived from the
+ directory attribute: ServerObjectGuid
+ - Site - A property of type System.String, derived from the directory
+ attribute: Site
+ - SslPort - A property of type System.Int32, derived from the directory
+ attribute: SslPort
+ - ADDomainController - Represents a domain controller in AD DS and is
+ derived from ADDirectoryServer. An ADDomainController may contain the
+ following properties in addition to those inherited from its parent.
+ - ComputerObjectDN - A property of type System.String, derived from the
+ directory attribute: ComputerDN
+ - Domain - A property of type System.String, derived from the directory
+ attribute: Domain
+ - Enabled - A property of type System.Boolean, derived from the directory
+ attribute: Enabled
+ - Forest - A property of type System.String, derived from the directory
+ attribute: Forest
+ - IsGlobalCatalog - A property of type System.Boolean, derived from the
+ directory attribute: IsGlobalCatalog
+ - IsReadOnly - A property of type System.Boolean, derived from the
+ directory attribute: IsReadOnly
+ - OperatingSystem - A property of type System.String, derived from the
+ directory attribute: OSName
+ - OperatingSystemHotfix - A property of type System.String, derived from
+ the directory attribute: OSHotFix
+ - OperatingSystemServicePack - A property of type System.String, derived
+ from the directory attribute: OSServicepack
+ - OperatingSystemVersion - A property of type System.String, derived from
+ the directory attribute: OSVersion
diff --git a/docset/winserver2019-ps/activedirectory/New-ADOrganizationalUnit.md b/docset/winserver2019-ps/activedirectory/New-ADOrganizationalUnit.md
index 19ad0825d4..aa8d743771 100644
--- a/docset/winserver2019-ps/activedirectory/New-ADOrganizationalUnit.md
+++ b/docset/winserver2019-ps/activedirectory/New-ADOrganizationalUnit.md
@@ -24,12 +24,13 @@ New-ADOrganizationalUnit [-WhatIf] [-Confirm] [-AuthType ] [-City New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
```
-This command creates an OU named UserAccounts that is protected from accidental deletion.
+This command creates an OU named UserAccounts that is protected from accidental deletion. Note that accidental protection is implicit.
### Example 2: Create an OU that is not protected from accidental deletion
+
```
PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -ProtectedFromAccidentalDeletion $False
```
@@ -62,6 +66,7 @@ PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM"
This command creates an OU named UserAccounts that is not protected from accidental deletion.
### Example 3: Create an OU that is protected from accidental deletion
+
```
PS C:\> New-ADOrganizationalUnit -Name "UserAccounts" -Path "DC=FABRIKAM,DC=COM" -OtherAttributes @{seeAlso="CN=HumanResourceManagers,OU=Groups,OU=Managed,DC=Fabrikam,DC=com";managedBy="CN=TomC,DC=FABRIKAM,DC=COM"}
```
@@ -70,6 +75,7 @@ This command creates an OU named UserAccounts that is protected from accidental
The **seeAlso** and **managedBy** properties are set to specified values.
### Example 4: Create an OU from a template OU
+
```
PS C:\> $OuTemplate = Get-ADOrganizationalUnit -Identity "OU=UserAccounts,DC=Fabrikam,DC=com" -Properties seeAlso,managedBy
PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate
@@ -78,6 +84,7 @@ PS C:\> New-ADOrganizationalUnit -Name "TomCReports" -Instance $OuTemplate
This command uses the data from the OU OU=UserAccounts,DC=Fabrikam,DC=com as a template for another OU.
### Example 5: Create an OU in an AD LDS instance
+
```
PS C:\> New-ADOrganizationalUnit -Name "Managed" -Path "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
```
@@ -87,6 +94,7 @@ This command creates an OU named Managed in an AD LDS instance.
## PARAMETERS
### -AuthType
+
Specifies the authentication method to use.
The acceptable values for this parameter are:
@@ -111,9 +119,10 @@ Accept wildcard characters: False
```
### -City
+
Specifies the town or city.
This parameter sets the **City** property of an OU object.
-The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is l.
+The Lightweight Directory Access Protocol (LDAP) display name (**ldapDisplayName**) of this property is `l`.
```yaml
Type: String
@@ -128,6 +137,7 @@ Accept wildcard characters: False
```
### -Confirm
+
Prompts you for confirmation before running the cmdlet.
```yaml
@@ -143,9 +153,10 @@ Accept wildcard characters: False
```
### -Country
+
Specifies the country or region code.
This parameter sets the **Country** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is c.
+The LDAP display name (**ldapDisplayName**) of this property is `c`.
This value is not used by Windows 2000.
```yaml
@@ -161,14 +172,15 @@ Accept wildcard characters: False
```
### -Credential
+
Specifies the user account credentials to use to perform this task.
The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive.
If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
-To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a **PSCredential** object.
+To specify this parameter, you can type a user name, such as `User1` or `Domain01\User01` or you can specify a **PSCredential** object.
If you specify a user name for this parameter, the cmdlet prompts for a password.
-You can also create a **PSCredential** object by using a script or by using the **Get-Credential** cmdlet.
+You can also create a **PSCredential** object by using a script or by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential?view=powershell-5.1) cmdlet.
You can then set the *Credential* parameter to the **PSCredential** object.
If the acting credentials do not have directory-level permission to perform the task, Active Directory PowerShell returns a terminating error.
@@ -186,6 +198,7 @@ Accept wildcard characters: False
```
### -Description
+
Specifies a description of the object.
This parameter sets the value of the **Description** property for the OU object.
The LDAP display name (**ldapDisplayName**) for this property is description.
@@ -203,9 +216,10 @@ Accept wildcard characters: False
```
### -DisplayName
+
Specifies the display name of the object.
This parameter sets the **DisplayName** property of the OU object.
-The LDAP display name (**ldapDisplayName**) for this property is displayName.
+The LDAP display name (**ldapDisplayName**) for this property is `description`.
```yaml
Type: String
@@ -220,6 +234,7 @@ Accept wildcard characters: False
```
### -Instance
+
Specifies an instance of an OU object to use as a template for a new OU object.
You can use an instance of an existing OU object as a template or you can construct a new OU object by using the Windows PowerShell command line or by using a script.
@@ -232,7 +247,8 @@ You can override property values of the new object by setting the appropriate pa
Method 2: Create a new **ADOrganizationalUnit** object and set the property values by using the Windows PowerShell command line interface.
Then pass this object to the *Instance* parameter of the **New-ADOrganizationalUnit** cmdlet to create the new Active Directory OU object.
-Note: Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
+> [!NOTE]
+> Specified attributes are not validated, so attempting to set attributes that do not exist or cannot be set raises an error.
```yaml
Type: ADOrganizationalUnit
@@ -247,16 +263,17 @@ Accept wildcard characters: False
```
### -ManagedBy
+
Specifies the user or group that manages the object by providing one of the following property values.
Note: The identifier in parentheses is the LDAP display name for the property.
The acceptable values for this parameter are:
- A distinguished name
-- A GUID (objectGUID)
-- A security identifier (objectSid)
+- A GUID (objectGUID)
+- A security identifier (objectSid)
- A SAM account name (sAMAccountName)
-This parameter sets the Active Directory attribute with an LDAP display name of managedBy.
+This parameter sets the Active Directory attribute with an LDAP display name of `managedBy`.
```yaml
Type: ADPrincipal
@@ -271,9 +288,10 @@ Accept wildcard characters: False
```
### -Name
+
Specifies the name of the object.
This parameter sets the **Name** property of the OU object.
-The LDAP display name (**ldapDisplayName**) of this property is name.
+The LDAP display name (**ldapDisplayName**) of this property is `name`.
```yaml
Type: String
@@ -288,6 +306,7 @@ Accept wildcard characters: False
```
### -OtherAttributes
+
Specifies object attribute values for attributes that are not represented by cmdlet parameters.
You can set one or more parameters at the same time with this parameter.
If an attribute takes more than one value, you can assign multiple values.
@@ -297,11 +316,11 @@ To specify a single value for an attribute:
`-OtherAttributes @{'AttributeLDAPDisplayName'=value}`
-To specify multiple values for an attribute:
+To specify multiple values for an attribute, separate the values with a comma:
`-OtherAttributes @{'AttributeLDAPDisplayName'=value1,value2,...}`
-To specify values for multiple attributes:
+To specify values for multiple attributes, separate the attributes with a semi-colon:
`-OtherAttributes @{'Attribute1LDAPDisplayName'=value; 'Attribute2LDAPDisplayName'=value1,value2;...}`
@@ -318,6 +337,7 @@ Accept wildcard characters: False
```
### -PassThru
+
Returns an object representing the item with which you are working.
By default, this cmdlet does not generate any output.
@@ -334,6 +354,7 @@ Accept wildcard characters: False
```
### -Path
+
Specifies the X.500 path of the OU or container where the new object is created.
In many cases, a default value is used for the *Path* parameter if no value is specified.
@@ -342,22 +363,22 @@ Note that rules listed first are evaluated first and when a default value can be
In Active Directory Domain Services (AD DS) environments, a default value for *Path* is set in the following cases:
-- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this is used.
-For example: in New-ADUser, the *Path* parameter defaults to the Users container.
-- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain.
+- If the cmdlet is run from an Active Directory PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used. For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
+- If none of the previous cases apply, the default value of *Path* is set to the default partition or naming context of the target domain.
-In AD LDS environments, a default value for *Path* is set in the following cases:
+In AD LDS environments, a default value for *Path* is set in the following cases:
-- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
-- If the cmdlet has a default path, this is used.
-For example: in New-ADUser, the *Path* parameter defaults to the Users container.
+- If the cmdlet is run from an Active Directory module for PowerShell provider drive, the parameter is set to the current path of the provider drive.
+- If the cmdlet has a default path, this is used. For example: in **New-ADUser**, the *Path* parameter defaults to the Users container.
- If the target AD LDS instance has a default naming context, the default value of *Path* is set to the default naming context.
-To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
+ To specify a default naming context for an AD LDS environment, set the **msDS-defaultNamingContext** property of the Active Directory directory service agent object (**nTDSDSA**) for the AD LDS instance.
- If none of the previous cases apply, the *Path* parameter does not take any default value.
-Note: The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property.
-However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container.
+> [!NOTE]
+> The Active Directory Provider cmdlets, such as **New-Item**, **Remove-Item**, **Remove-ItemProperty**, **Rename-Item**, and **Set-ItemProperty**, also contain a **Path** property.
+>
+> However, for the Active Directory Provider cmdlets, the *Path* parameter identifies the path of the actual object rather than the container.
```yaml
Type: String
@@ -372,9 +393,10 @@ Accept wildcard characters: False
```
### -PostalCode
+
Specifies the postal code or zip code.
This parameter sets the **PostalCode** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is postalCode.
+The LDAP display name (**ldapDisplayName**) of this property is `postalCode`.
```yaml
Type: String
@@ -389,6 +411,7 @@ Accept wildcard characters: False
```
### -ProtectedFromAccidentalDeletion
+
Indicates whether to prevent the object from being deleted.
When this property is set to $True, you cannot delete the corresponding object without changing the value of the property.
The acceptable values for this parameter are:
@@ -409,17 +432,18 @@ Accept wildcard characters: False
```
### -Server
+
Specifies the AD DS instance to connect to, by providing one of the following values for a corresponding domain name or directory server.
The service may be any of the following: AD LDS, AD DS, or Active Directory snapshot instance.
-Specify the AD DS instance in one of the following ways:
+Specify the AD DS instance in one of the following ways:
Domain name values:
- Fully qualified domain name
- NetBIOS name
-Directory server values:
+Directory server values:
- Fully qualified directory server name
- NetBIOS name
@@ -444,9 +468,10 @@ Accept wildcard characters: False
```
### -State
+
Specifies a state or province.
This parameter sets the **State** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is st.
+The LDAP display name (**ldapDisplayName**) of this property is `st`.
```yaml
Type: String
@@ -461,9 +486,10 @@ Accept wildcard characters: False
```
### -StreetAddress
+
Specifies a street address.
This parameter sets the **StreetAddress** property of an OU object.
-The LDAP display name (**ldapDisplayName**) of this property is street.
+The LDAP display name (**ldapDisplayName**) of this property is `street`.
```yaml
Type: String
@@ -478,6 +504,7 @@ Accept wildcard characters: False
```
### -WhatIf
+
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
@@ -494,20 +521,24 @@ Accept wildcard characters: False
```
### CommonParameters
+
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+
An OU object that is a template for the new OU object is received by the *Instance* parameter.
## OUTPUTS
### None or Microsoft.ActiveDirectory.Management.ADOrganizationalUnit
+
Returns the new OU object when the *PassThru* parameter is specified.
By default, this cmdlet does not generate any output.
## NOTES
+
* This cmdlet does not work with an Active Directory snapshot.
* This cmdlet does not work with a read-only domain controller.
@@ -518,4 +549,3 @@ By default, this cmdlet does not generate any output.
[Remove-ADOrganizationalUnit](./Remove-ADOrganizationalUnit.md)
[Set-ADOrganizationalUnit](./Set-ADOrganizationalUnit.md)
-
diff --git a/docset/winserver2019-ps/appx/Get-NonRemovableAppsPolicy.md b/docset/winserver2019-ps/appx/Get-NonRemovableAppsPolicy.md
index d3190cccc2..8eb795743f 100644
--- a/docset/winserver2019-ps/appx/Get-NonRemovableAppsPolicy.md
+++ b/docset/winserver2019-ps/appx/Get-NonRemovableAppsPolicy.md
@@ -1,5 +1,6 @@
---
-audiencems.localizationpriority: ITPro
+audience: ITPro
+ms.localizationpriority: Low
description: Use this topic to help prevent the uninstall of specific Windows apps with Windows PowerShell.
external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml
Module Name: Appx
diff --git a/docset/winserver2019-ps/appx/Set-NonRemovableAppsPolicy.md b/docset/winserver2019-ps/appx/Set-NonRemovableAppsPolicy.md
index c71cace1de..219553197c 100644
--- a/docset/winserver2019-ps/appx/Set-NonRemovableAppsPolicy.md
+++ b/docset/winserver2019-ps/appx/Set-NonRemovableAppsPolicy.md
@@ -1,5 +1,6 @@
---
-audiencems.localizationpriority: ITPro
+audience: ITPro
+ms.localizationpriority: Low
description: Use this topic to help prevent the uninstall of specific Windows apps with Windows PowerShell.
external help file: Microsoft.Windows.Appx.PackageManager.Commands.dll-help.xml
Module Name: Appx
diff --git a/docset/winserver2019-ps/hyper-v/Get-VMNetworkAdapter.md b/docset/winserver2019-ps/hyper-v/Get-VMNetworkAdapter.md
index 48b82a48ca..85aada7085 100644
--- a/docset/winserver2019-ps/hyper-v/Get-VMNetworkAdapter.md
+++ b/docset/winserver2019-ps/hyper-v/Get-VMNetworkAdapter.md
@@ -203,7 +203,7 @@ Accept wildcard characters: False
### -VM
Specifies the virtual machine whose virtual network adapters are to be retrieved.
-. The asterisk, "*", is the wildcard.
+The asterisk, "*", is the wildcard.
If it is specified the cmdlet returns virtual network adapters from every virtual machine in the system.
```yaml
diff --git a/docset/winserver2019-ps/iisadministration/IISAdministration.md b/docset/winserver2019-ps/iisadministration/IISAdministration.md
index 8269b8ff14..3bfbb95d68 100644
--- a/docset/winserver2019-ps/iisadministration/IISAdministration.md
+++ b/docset/winserver2019-ps/iisadministration/IISAdministration.md
@@ -2,7 +2,7 @@
description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.
Download Help Link: https://aka.ms/winsvr-2019-pshelp
Help Version: 5.0.3.1
-Locale: en-uS
+Locale: en-US
Module Guid: 07640789-476a-4713-a091-f5b365129c32
Module Name: IISAdministration
ms.date: 12/20/2016
diff --git a/docset/winserver2019-ps/laps/Set-LapsADPasswordExpirationTime.md b/docset/winserver2019-ps/laps/Set-LapsADPasswordExpirationTime.md
index 2a0a2381dd..33ecbb29ce 100644
--- a/docset/winserver2019-ps/laps/Set-LapsADPasswordExpirationTime.md
+++ b/docset/winserver2019-ps/laps/Set-LapsADPasswordExpirationTime.md
@@ -66,7 +66,7 @@ This examples show setting the LAPS password expiration time to a specific date.
### Example 3
```powershell
-Set-LapsADPasswordExpirationTime -Identity lapsClient -WhenEffective (DateTime::Now.AddDays(1))
+Set-LapsADPasswordExpirationTime -Identity lapsClient -WhenEffective ([DateTime]::Now.AddDays(1))
```
```Output
diff --git a/docset/winserver2019-ps/nanoserverimagegenerator/Edit-NanoServerImage.md b/docset/winserver2019-ps/nanoserverimagegenerator/Edit-NanoServerImage.md
deleted file mode 100644
index d81e500ed9..0000000000
--- a/docset/winserver2019-ps/nanoserverimagegenerator/Edit-NanoServerImage.md
+++ /dev/null
@@ -1,770 +0,0 @@
----
-description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.
-external help file: NanoServerImageGenerator-help.xml
-Module Name: NanoServerImageGenerator
-ms.date: 12/20/2016
-online version: https://learn.microsoft.com/powershell/module/nanoserverimagegenerator/edit-nanoserverimage?view=windowsserver2019-ps&wt.mc_id=ps-gethelp
-schema: 2.0.0
-title: Edit-NanoServerImage
----
-
-# Edit-NanoServerImage
-
-## SYNOPSIS
-Modifies a Nano Server installation image.
-
-## SYNTAX
-
-```
-Edit-NanoServerImage [[-BasePath] ] [-TargetPath] [[-SetupUI] ]
- [[-Package] ] [[-ServicingPackagePath] ] [[-ComputerName] ] [[-AdministratorPassword] ] [[-UnattendPath] ] [[-DomainName] ]
- [[-DomainBlobPath] ] [[-DriverPath] ] [[-InterfaceNameOrIndex] ]
- [[-Ipv6Address] ] [[-Ipv6Dns] ] [[-Ipv4Address] ]
- [[-Ipv4SubnetMask] ] [[-Ipv4Gateway] ] [[-Ipv4Dns] ]
- [[-DebugMethod] {Serial | Net | 1394 | USB} [[-DebugBaudRate] ]
- [[-DebugBusParams ] [[-DebugChannel] ] [[-DebugCOMPort] ]
- [[-DebugKey] ] [[-DebugPort] ] [[-DebugRemoteIP] ]
- [[-DebugTargetName] ]] [-EnableEMS] [[-EMSPort] ] [[-EMSBaudRate] ]
- [[-CopyPath]