Remove-DAAppServer

Remove-DAAppServer

Removes the specified list of application server security groups (SGs) from the DirectAccess (DA) deployment, removes the specified application servers from the specified DA application server SG,and removes the application server Group Policy Objects (GPOs) in the specified domains.

구문

Parameter Set: AppServerSGGpo
Remove-DAAppServer [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-DomainName <String[]> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-PassThru] [-SecurityGroupNameList <String[]> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]

Parameter Set: AppServerFromSGGpo
Remove-DAAppServer [-Name] <String[]> [-SecurityGroupName] <String> [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-DomainName <String[]> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]




자세한 설명

The Remove-DAAppServer cmdlet removes the specified list of application server security groups (SGs) from the DirectAccess (DA) deployment, removes the specified application servers from the specified DA application server SG,and removes the application server Group Policy Objects (GPOs) in the specified domains. This cmdlet is not applicable when DA is deployed only for the management of remote clients.

The basic paradigm is that all application server GPOs always contain all SGs even if all the corresponding domains are not represented in all the SGs. There will never be a scenario where an SG is present only in some of the GPOs. If this happens, then it means that the configuration is in a bad state.

The application server SG and GPO parameters are treated as independent entities. A user can remove application server GPOs independent of the SGs and the domains where these SGs exist. Every SG that is removed from the DA deployment is removed from all application server GPOs currently present.
The following additional capabilities of this cmdlet justify its need though AD cmdlets are already available for the deletion of SGs and GPOs.
-- When an SG is removed it is removed in all GPOs. Additionally, if user does not have permissions to edit a GPO the SG is not removed from any of the GPOs. When using the AD cmdlet user would have to carefully ensure that it is run for each of the domains and it is difficult to handle the case where he does not have permissions on some domains.
-- With the above described paradigm there is still a need to parse an SG to remove independent application servers in the SG because every application server has a unique IP address that is used in the client policy that needs to be removed. This functionality is handled by this cmdlet.
-- When a GPO is removed all SGs are removed from the GPO and the application server specific policies are also removed. The cmdlet takes care of the conditions where the GPO is removed only if it was originally created at the time of adding. If the GPO is already present at the time of adding, then it is merely edited.

App Server configuration is a global configuration and is applicable to all DA servers in the enterprise deployment even when there is multi-site enterprise deployment.

Following are additional behavioral notes for this cmdlet.
-- If a nested SG has to be removed, then the cmdlet recursively parses the SG so that all servers are retrieved and policies can be removed accordingly.
-- Removing a domain deletes the application server GPO only if it was created at the time of addition. If it was already present, then only the DA related policies and settings are wiped out and the GPO is left intact.
-- Deletion of all app server GPOs and SGs is a permitted operation.
-- When removing SGs if the user does not have the permissions to configure even one app server GPO among the many that might be present, then this cmdlet terminates the processing of the entire list of SGs specified. However, this cmdlet still processes any GPOs that the user might have specified to remove.
-- When removing GPOs if the user does not have the permissions to remove or configure one of the specified GPOs, then the cmdlet still proceeds with the processing of the remaining GPOs in the list.

매개 변수

-CimSession<CimSession[]>

원격 세션이나 원격 컴퓨터에서 cmdlet을 실행합니다. 컴퓨터 이름이나 New-CimSession 또는 Get-CimSession cmdlet의 출력과 같은 세션 개체를 입력하세요. 기본값은 로컬 컴퓨터 상의 현재 세션입니다.


별칭

Session

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-ComputerName<String>

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the Remote Access server computer specific tasks should be run.


별칭

Cn

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-DomainName<String[]>

Specifies the list of domains from which application server GPOs need to be removed. A domain is specified in the DOMAIN format.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

True (ByPropertyName)

와일드카드 문자 허용 여부

false

-InformationAction<System.Management.Automation.ActionPreference>

별칭

infa

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-InformationVariable<System.String>

별칭

iv

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-Name<String[]>

Specifies the list of application servers that have to be deleted from the DA deployment. The servers are specified by using the host names and are deleted from the SG specified by the SecurityGroupName parameter. The servers cannot be specified by their IPv4 or IPv6 addresses.


별칭

none

필수 여부

true

위치

2

기본값

none

파이프라인 입력 허용 여부

True (ByPropertyName)

와일드카드 문자 허용 여부

false

-PassThru

작업 중인 항목을 나타내는 개체를 반환합니다. 기본적으로 이 cmdlet은 출력을 생성하지 않습니다.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-SecurityGroupName<String>

Specifies the name of a SG that is already part of the DA deployment from which the specified list of app servers should be deleted. Specified in DOMAIN\SG_NAME format.


별칭

none

필수 여부

true

위치

3

기본값

none

파이프라인 입력 허용 여부

True (ByPropertyName)

와일드카드 문자 허용 여부

false

-SecurityGroupNameList<String[]>

Specifies the list of application server SGs that are to be deleted from the DA deployment. Each SG is specified in DOMAIN\SG_NAME format.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

True (ByPropertyName)

와일드카드 문자 허용 여부

false

-ThrottleLimit<Int32>

Cmdlet을 실행하도록 설정할 수 있는 동시 작업의 최대 수를 지정합니다. 이 매개 변수를 생략하거나 값으로 0 을 입력하면 Windows PowerShell®은 컴퓨터에서 실행 중인 CIM cmdlet의 수에 따라 cmdlet에 대한 최적의 스로틀 제한을 계산합니다. 스로틀 제한은 현재 cmdlet에만 적용되고, 세션이나 컴퓨터에는 적용되지 않습니다.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-Confirm

cmdlet을 실행하기 전에 확인 메시지를 표시합니다.


필수 여부

false

위치

named

기본값

false

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-WhatIf

cmdlet이 실행되는 경우 발생할 결과를 보여 줍니다. cmdlet은 실행되지 않습니다.


필수 여부

false

위치

named

기본값

false

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

<CommonParameters>

이 cmdlet은 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, -OutVariable 등의 일반 매개 변수를 지원합니다. 자세한 내용은 TechNet의 about_CommonParameters(http://go.microsoft.com/fwlink/p/?LinkID=113216)

<WorkflowParameters>

입력

입력 형식은 cmdlet으로 파이프할 수 있는 개체의 형식입니다.

  • None

출력

출력 형식은 cmdlet 실행 시 출력되는 개체의 형식입니다.

  • Microsoft.Management.Infrastructure.CimInstance#DAAppServer

    Microsoft.Management.Infrastructure.CimInstance 개체는 WMI(Windows Management Instrumentation) 개체를 표시하는 래퍼 클래스입니다. 파운드 기호(#) 뒤의 경로는 기본 WMI 개체에 대한 네임 스페이스 및 클래스 이름을 제공합니다.
    The DAAppServer object consists of the following properties:
    -- The list of application server security groups each security group is specified in the Domain\GroupName format.
    -- The list of application server GPOs: each GPO is specified in the Domain\GPOName format.
    -- The properties of the connection to the application server.
    -- Status of IPsec traffic protection: Enabled or Disabled.


EXAMPLE 1

This example deletes the daAppServerGrp SG from all GPOs. In current setup, daAppServerGrp was the only SG present, therefore the application server GPO (such as corp.contoso.com\DirectAccess Application Server Settings) is also removed automatically.


PS C:\> Remove-DAAppServer -SecurityGroupNameList daAppServerGrp

EXAMPLE 2

This example deletes the computer named da-test-0807 from SG daAppServerGrp. The SG continues to be a part of DA Configuration.


PS C:\> Remove-DAAppServer -SecurityGroupName daAppServerGrp -Name "da-test-0807"

EXAMPLE 3

This example removes the application server GPO in the DA configuration from the corp.contoso.com domain.


PS C:\> Remove-DAAppServer -DomainName "corp.contoso.com"

관련 항목

커뮤니티 추가 항목

추가
표시: