TestimoX

API Reference

Command

Remove-ADXACLAuditRule

Namespace ADPlayground.PowerShell
Inputs
System.DirectoryServices.ActiveDirectorySecurity System.DirectoryServices.DirectoryEntry System.String

Removes an audit rule from an Active Directory security descriptor or entry.

Examples

Authored help example

Example 1: Preview removing a noisy audit rule from an OU


Remove-ADXACLAuditRule -ADObject 'OU=Tier0,DC=contoso,DC=com' -Identity 'CONTOSO\Tier1 Operators' -Rights WriteProperty -AuditFlags Failure -Inheritance Descendents -WhatIf

Example 2: Remove an outdated AdminSDHolder audit rule


Remove-ADXACLAuditRule -ADObject 'CN=AdminSDHolder,CN=System,DC=contoso,DC=com' -Identity 'CONTOSO\Domain Admins' -Rights WriteDacl -AuditFlags Success,Failure -Inheritance None

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Remove-ADXACLAuditRule -Security <ActiveDirectorySecurity> -Identity <IdentityInfo> -Rights <CreateChild> -AuditFlags <Success|Failure> -Inheritance <All|Descendents|Children|SelfAndChildren> [<CommonParameters>]
#
Parameter set: By Security

Parameters

Security ActiveDirectorySecurity requiredposition: 0pipeline: true (ByValue, ByPropertyName)
ActiveDirectorySecurity instance to modify.
Identity IdentityInfo requiredposition: 1pipeline: false
Identity whose audit rule will be removed.
Rights AclRights requiredposition: 2pipeline: falsevalues: 16
Rights associated with the rule. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
Possible values: CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
AuditFlags AuditFlags requiredposition: 3pipeline: falsevalues: 2
Audit flags to match. Possible values: None, Success, Failure
Possible values: Success, Failure
Inheritance AclInheritance requiredposition: 4pipeline: falsevalues: 4
Inheritance flags to match. Possible values: None, All, Descendents, Children, SelfAndChildren
Possible values: All, Descendents, Children, SelfAndChildren
Remove-ADXACLAuditRule -Entry <DirectoryEntry> -Identity <IdentityInfo> -Rights <CreateChild> -AuditFlags <Success|Failure> -Inheritance <All|Descendents|Children|SelfAndChildren> [<CommonParameters>]
#
Parameter set: By Entry

Parameters

Entry DirectoryEntry requiredposition: 0pipeline: true (ByValue, ByPropertyName)
DirectoryEntry object to modify.
Identity IdentityInfo requiredposition: 1pipeline: false
Identity whose audit rule will be removed.
Rights AclRights requiredposition: 2pipeline: falsevalues: 16
Rights associated with the rule. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
Possible values: CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
AuditFlags AuditFlags requiredposition: 3pipeline: falsevalues: 2
Audit flags to match. Possible values: None, Success, Failure
Possible values: Success, Failure
Inheritance AclInheritance requiredposition: 4pipeline: falsevalues: 4
Inheritance flags to match. Possible values: None, All, Descendents, Children, SelfAndChildren
Possible values: All, Descendents, Children, SelfAndChildren
Remove-ADXACLAuditRule -ADObject <string> -Identity <IdentityInfo> -Rights <CreateChild> -AuditFlags <Success|Failure> -Inheritance <All|Descendents|Children|SelfAndChildren> [<CommonParameters>]
#
Parameter set: By ADObject

Parameters

ADObject string requiredposition: 0pipeline: true (ByValue, ByPropertyName)
Distinguished name of the object to modify.
Identity IdentityInfo requiredposition: 1pipeline: false
Identity whose audit rule will be removed.
Rights AclRights requiredposition: 2pipeline: falsevalues: 16
Rights associated with the rule. Possible values: None, CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
Possible values: CreateChild, Delete, ReadControl, WriteDacl, WriteOwner, GenericRead, GenericWrite, GenericExecute, ListChildren, DeleteChild, DeleteTree, ReadProperty, WriteProperty, ExtendedRight, Self, GenericAll
AuditFlags AuditFlags requiredposition: 3pipeline: falsevalues: 2
Audit flags to match. Possible values: None, Success, Failure
Possible values: Success, Failure
Inheritance AclInheritance requiredposition: 4pipeline: falsevalues: 4
Inheritance flags to match. Possible values: None, All, Descendents, Children, SelfAndChildren
Possible values: All, Descendents, Children, SelfAndChildren