Another plug to my fellow Questees who have gone PowerShell (that’s the deal we have here at Quest – you add PowerShell to your product and get a special blog mention and lots of happy customers!). Quest’s Defender (Two-Factor/Multi-Factor Authentication solution) team has just updated their PowerShell module and there’s quite a few useful cmdlets for user provisioning, de-provisioning and general Defender auditing / administration.
For example, for User provisioning, there’s ability to batch-assign tokens to users and provide either unique Personal Identification Numbers (PINs) or set a known PIN to expire on first use so that end users can then create their own:
To assist with the de-provisioning of users accounts from Active Directory when a user has left the company simple commands such as Remove-AllTokensFromUser could be used to ensure all tokens that have been assigned to a user are removed.
For auditing and general administration a number of cmdlets are available, for example, it may be useful for auditing purposes to know which users have authenticated using Defender at any time or for a given period:
Here’s full list of what we’ve got in this release:
- Add-TokenToUser
- Add-TokenToUserBatch
- Find-DefenderToken
- Get-DefenderLicense
- Get-DefenderUsersLastLogon
- Get-TokensForUser
- Get-UnactivatedSoftwareTokens
- Get-UsersForToken
- Remove-AllTokensFromUser
- Remove-DefenderPassword
- Remove-PINFromUserToken
- Remove-TemporaryResponse
- Remove-TokenFromUser
- Remove-TokenFromUserBatch
- Reset-DefenderToken
- Reset-DefenderViolationCount
- Set-DefenderPassword
- Set-PINOnUserToken
- Set-TemporaryResponse
- Test-DefenderToken
As you can see this is a lot more than what we could previously provide with the AD cmdlets integration that we had.
You can get a free trial of Defender here.