• Products
    • View all products
    • Free trials
  • Solutions
    • All Solutions
    • All Integrations
  • Resources
    • All Resources
    • Learning Hub
  • Trials
  • Support
    • Support Home
    • By Product
      • All Products
      • Active Roles
      • Authentication Services
      • Cloud Access Manager
      • Defender
      • Identity Manager
      • Password Manager
      • Safeguard
      • Starling Identity Analytics & Risk Intelligence
      • Starling Two-Factor Authentication
      • TPAM Appliance
    • Contact Support
      • Overview
      • Customer Service
      • Licensing Assistance
      • Renewal Assistance
      • Technical Support
    • Download Software
    • Knowledge Base
    • My Account
      • My Products
      • My Service Requests
      • My Licenses
      • My Groups
      • My Profile
    • Policies & Procedures
    • Professional Services
    • Technical Documentation
    • One Identity University
    • User Forums
    • Video Tutorials
  • Partners
    • Overview
    • Partner Circle Log In
    • Become a Partner
    • Find a Partner
    • Partner Community
  • Communities
    • Home
    • Blogs
      • Blogs A to Z
      • One Identity Community
      • AD Account Lifecycle Management
      • Cloud
      • Identity Governance & Administration
      • Privileged Access Management
      • syslog-ng Community
    • Forums
      • All Product Forums
      • Active Roles
      • Identity Manager
      • Password Manager
      • Safeguard
      • Unix Access Management
    • Social Networks
      • Facebook
      • LinkedIn
      • Twitter
      • YouTube
One Identity Community
One Identity Community
  • Site
  • User
  • Site
  • Search
  • User
Active Roles Community
Active Roles Community
Wiki PowerShell: Update Property Generation and Validation policy with a new possible value list
  • Forum
  • Ideas
  • Wiki
  • More
  • Cancel
  • New
  • -Active Roles Script Center
    • +Active Roles Script Policy Best Practices
    • Active Roles SDK
    • +C#
    • +JavaScript
    • -PowerShell
      • PowerShell Library Source Code
      • -PowerShell samples
        • Alert on pending approval request expiration
        • Building a Managed Unit Dynamically
        • Calculate user mailbox size
        • Checking the uniqueness of a property
        • Create Dynamic Group in PowerShell
        • Export Domain Users to a .csv file
        • Functions for creation of Policy links
        • Get Active Roles Management Shell Module version (with build number)
        • Home Folder Move with User Moves
        • How to schedule the Active Roles Management shell
        • Populating a custom Virtual Attribute with a readable accountExpires timestamp using an Active Roles Policy Script
        • PowerShell: Update Property Generation and Validation policy with a new possible value list
        • Random Password Generation
        • Renaming a user post-creation
        • Working with the mS-DS-ConsistencyGuid attribute
    • +VBScript

PowerShell: Update Property Generation and Validation policy with a new possible value list

DESCRIPTION

This sample demonstrates how to use PowerShell to add a new value ('zzz') to ARS PGV policy's possible value list


Note This code may use functions from the Active Roles Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.


SCRIPT

 

#*********************************************************************************

# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,

# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED

# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

#

# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,

# PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.

#*********************************************************************************

##----- get the policy object from ARS -----

$obj = [ADSI]'EDMS://CN=Sample Policy,CN=Administration,CN=Policies,CN=Configuration'

##----- get string with the PVG (35) rule (2) -----

$rule = $obj._NewEnum | where {$_.Type -eq 35} | %{$_._NewEnum} | where {$_.Name -eq 2} | %{$_.Value}

##----- convert the string to XML -----

$xml = [xml]$rule

##----- get possible values from the XML -----

$values = $xml.PVGRules.PVRuleItem.value | %{$_.'#text'}

##----- add a new possible value and sort -----

$values = $values + 'zzz' | sort

##----- update the XML with the new possible values -----

$xml.PVGRules.PVRuleItem.InnerXML = $values | %{ '<value linkID="or" displayName="">' + $_ + '</value>' }

##----- get string with the new rule -----

$rule = $xml.OuterXml

##----- update the PVG (35) rule( 2) -----

$obj._NewEnum | where {$_.Type -eq 35} | %{$_._NewEnum} | where {$_.Name -eq 2} | %{$_.Value = $rule}

##----- apply changes to ARS ------

$obj.CommitChanges()

#***** END OF CODE ***************************************************************

  • Script Center: PowerShell
  • Script Center
  • Share
  • History
  • More
  • Cancel
Related
Recommended
  • Company
    • About Us
    • Buy
    • Careers
    • Contact Us
    • News
  • Resources
    • Blogs
    • Customer Stories
    • Documents
    • Events
    • Videos
  • Support
    • Professional Services
    • Renew Support
    • Technical Support
    • One Identity University
    • Support Service
  • Social Networks
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter
    • YouTube
  • © 2025 One Identity LLC. ALL RIGHTS RESERVED.
  • Legal
  • Terms of Use
  • Privacy
  • Community Feedback & Support
  • Cookie Preference Center