Windows AD cmdlets

Windows AD cmdlets are intended for use with on-premise platform instances that have been configured to use Windows AD as the identity provider.

This article describes the 1E PowerShell Toolkit cmdlets for managing on-premise platform instances using Windows AD as the identity provider. For information about the Windows AD integration, refer to Windows AD integration.

Get-1EWindowsAdCertificateInfo

This cmdlet returns metadata for all certificates that have been configured for signing JWTs when Windows is configured to be the IdP.

Get-1EWindowsAdCertificate [ -Id <Id> ]|[ -Thumbprint <Thumbprint> ] -File <File>

This cmdlet downloads a certificate specified by id or thumbprint. The -File parameter expects a file name including its path; the downloaded certificate is saved at that location under that file name.

Remove-1EWindowsAdCertificate [ -Id <Id> ]|[ -Thumbprint <Thumbprint> ]

This cmdlet deletes a certificate specified by id or thumbprint.

Set-1EWindowsAdCertificate -File <File>

This cmdlet adds a new certificate or updates an existing certificate that can then be used for signing JWTs when Windows is configured to be the IdP. The -File parameter takes the path to the certificate file.

The certificate file should be a .CER file exported in base 64 format, not binary format.
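
A pre-upload check for the base 64 requirement above, as an added example that is not part of the 1E PowerShell Toolkit: it classifies a .CER file as base 64 or binary (DER), parses it, and reports the thumbprint that the -Thumbprint parameters take. Get-CerFileInfo is a hypothetical helper, the sample certificate and file names are constructed, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example; Get-CerFileInfo is a hypothetical helper, not a 1E Toolkit cmdlet.
function Get-CerFileInfo {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
    $pem   = '-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----'
    if ($text -match $pem) {
        # Base 64 export: text armour around the base64-encoded DER body.
        $encoding = 'Base64'
        $der = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
    } elseif ($bytes.Length -gt 0 -and $bytes[0] -eq 0x30) {
        # Binary export: raw DER, which begins with the ASN.1 SEQUENCE tag 0x30.
        $encoding = 'Binary'
        $der = $bytes
    } else {
        throw "'$Path' is not a recognisable X.509 certificate file."
    }
    # Parsing confirms the content really is a certificate and yields its thumbprint.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    [pscustomobject]@{ Path = $Path; Encoding = $encoding; Thumbprint = $cert.Thumbprint
                       Subject = $cert.Subject; NotAfter = $cert.NotAfter }
}

# Constructed sample: a throwaway self-signed certificate written in both encodings.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed JWT signing sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::UtcNow
$raw = $req.CreateSelfSigned($now, $now.AddDays(1)).RawData
$binPath = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-binary.cer'
$b64Path = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-base64.cer'
[System.IO.File]::WriteAllBytes($binPath, $raw)
$body = [Convert]::ToBase64String($raw, [Base64FormattingOptions]::InsertLineBreaks)
[System.IO.File]::WriteAllText($b64Path,
    "-----BEGIN CERTIFICATE-----`r`n$body`r`n-----END CERTIFICATE-----`r`n")

foreach ($file in $binPath, $b64Path) {
    $info = Get-CerFileInfo -Path $file
    if ($info.Encoding -eq 'Base64') {
        "Base 64 .CER, thumbprint $($info.Thumbprint), expires $($info.NotAfter)"
        # Set-1EWindowsAdCertificate -File $info.Path   # needs a connected toolkit session
    } else {
        Write-Warning "$file is binary (DER); re-export it in base 64 format first."
    }
}
```

Both sample files hold the same certificate, so both report the same thumbprint; only the encoding differs.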

Search-1EWindowsAdUser -Principal <principal>

This cmdlet searches for a principal by querying the internal platform endpoint used for directory searches. This cmdlet is intended for test purposes.

You must acquire a platform token to use this cmdlet. For more details about platform tokens, see the -AsPlatform parameter of the Set-1EServer cmdlet in Platform server management cmdlets.

The principal is specified in standard Windows format, that is, domain\user and not as a UPN (user@domain).

If the search succeeds, the user details are returned. If the search fails, no results are returned.