Another plug to my fellow Questees who have gone PowerShell (that’s the deal we have here at Quest – you add PowerShell to your product and get a special blog mention and lots of happy customers!). Quest’s Defender (Two-Factor/Multi-Factor Authentication solution) team has just updated their PowerShell module and there’s quite a few useful cmdlets for user provisioning, de-provisioning and general Defender auditing / administration.
For example, for User provisioning, there’s ability to batch-assign tokens to users and provide either unique Personal Identification Numbers (PINs) or set a known PIN to expire on first use so that end users can then create their own:
To assist with the de-provisioning of users accounts from Active Directory when a user has left the company simple commands such as Remove-AllTokensFromUser could be used to ensure all tokens that have been assigned to a user are removed.
For auditing and general administration a number of cmdlets are available, for example, it may be useful for auditing purposes to know which users have authenticated using Defender at any time or for a given period:
Here’s full list of what we’ve got in this release:
As you can see this is a lot more than what we could previously provide with the AD cmdlets integration that we had.
You can get a free trial of Defender here.