This is the built-in help made by Microsoft for the command 'New-ADAuthenticationPolicy', in PowerShell version 5 - as retrieved from
Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Creates an Active Directory Domain Services authentication policy object.
New-ADAuthenticationPolicy [-Name] <String> [-AuthType {Negotiate | Basic}] [-ComputerAllowedToAuthenticateTo <String>] [-ComputerTGTLifetimeMins <Int32>] [-Credential
<PSCredential>] [-Description <String>] [-Enforce] [-Instance <ADAuthenticationPolicy>] [-OtherAttributes <Hashtable>] [-PassThru] [-ProtectedFromAccidentalDeletion
<Boolean>] [-Server <String>] [-ServiceAllowedToAuthenticateFrom <String>] [-ServiceAllowedToAuthenticateTo <String>] [-ServiceTGTLifetimeMins <Int32>]
[-UserAllowedToAuthenticateFrom <String>] [-UserAllowedToAuthenticateTo <String>] [-UserTGTLifetimeMins <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
The New-ADAuthenticationPolicy creates an authentication policy object in Active Directory® Domain Services.
Commonly used attributes of the object can be specified by the parameters of this cmdlet. To set attributes for the object that are not represented by the parameters of this
cmdlet, specify the OtherAttributes parameter.
You can use the pipeline operator and the Import-Csv cmdlet to pass a list for bulk creation of objects in the directory. You can also specify a template object by using
the Instance parameter to create objects from a template.
<
Online Version: http://go.microsoft.com/fwlink/p/?linkid=288462
Get-ADAuthenticationPolicy
Remove-ADAuthenticationPolicy
Set-ADAuthenticationPolicy
<
Example 1: Create an authentication policy with a user TGT lifetime
PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy01" -UserTGTLifetimeMins 60
This command creates an authentication policy object named AuthenticationPolicy01 and sets the TGT lifetime for a user account to 60 minutes. Because the Enforce parameter
is not specified, the authentication policy created is in audit mode.
Example 2: Create an enforced authentication policy
PS C:\> New-ADAuthenticationPolicy -Name "AuthenticationPolicy02" -Enforce
This command creates an authentication policy named AuthenticationPolicy02 and enforces it by specifying the Enforce parameter.
Example 3: Create an authentication policy
PS C:\> New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\someFile.txt).sddl
This command creates an authentication policy named TestAuthenticationPolicy. The UserAllowedToAuthenticationFrom parameter specifies the devices from which users are
allowed to authenticate by an SDDL string in the file named someFile.txt