Remove-AdmAccountToken

Removes one or more REST API access tokens for a specified account.

Description

The Remove-AdmAccountToken cmdlet removes one or more access tokens for a specified account.

You can remove a specific token by providing its name, or remove all tokens for an account by omitting the Name parameter.

Examples

Example 1 – Remove all tokens for an account

Remove-AdmAccountToken -Identity "CN=SvcAcc_HR,OU=Service Accounts,DC=domain,DC=com" `
                       -AdaxesService "adaxes.domain.com"

This command removes all access tokens for the SvcAcc_HR service account.

Example 2 – Remove a specific token by name

Remove-AdmAccountToken -Identity "domain\SvcAcc_Admin" `
                       -Name "SuperAdminToken" `
                       -AdaxesService "adaxes.domain.com"

This command removes a specific token named SuperAdminToken for the domain\SvcAcc_Admin account.

Parameters

-Identity

Specifies the account whose tokens to remove. You can identify the account by one of the following properties:

• Distinguished name (DN)
• GUID (objectGUID)
• Security identifier (objectSid)
• SAM account name (sAMAccountName)
• Username (userPrincipalName)

This parameter can also get an account object through the pipeline, or you can set this parameter to an account object instance from a variable.

-Name

Specifies the name of the token to remove.

If this parameter is omitted, the cmdlet removes all tokens that belong to the account specified in the Identity parameter.

-AdaxesService

Specifies the DNS host name of the Adaxes service that will be used to execute this cmdlet.

-Credential

Specifies the user account credentials to run this cmdlet as.

• Adaxes service administrators can remove tokens for any account
• Entra users cannot remove tokens at all
• Other users can remove tokens only for their own account

To specify this parameter, you can type a username, such as j.smith@domain.com or DOMAIN\j.smith or you can specify a PSCredential object. If you specify a username for this parameter, the cmdlet prompts for a password.

You can also create a PSCredential object by using a script or the Get-Credential cmdlet.

By default, the cmdlet uses the credentials of the signed in user when run from an external PowerShell session, and the credentials of the Adaxes service account when run from a script inside Adaxes.

-Server

Specifies the domain or directory server to connect to. The cmdlet will attempt to locate the account from the Identity parameter via the specified server.

You can specify a domain or server in one of the following formats.

Domain names:

• NetBIOS name (e.g. CORP)
• Fully qualified domain name (e.g. corp.contoso.com)

Directory servers:

• NetBIOS name (e.g. DC01)
• Fully qualified host name (e.g. dc01.corp.contoso.com)
• Fully qualified host name and port (e.g. dc01.corp.contoso.com:3268)

The default value is determined in the following order:

• From the Server property of objects passed through the pipeline.
• From the Adaxes PowerShell provider drive, if applicable.
• From the domain of the local computer.

-Confirm

Prompts you for confirmation before executing the command.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Inputs

None or Softerra.Adaxes.PowerShellModule.Directory.ADAccount

You can pipe account objects from Adaxes cmdlets (e.g. Get-AdmUser) to the Identity parameter.

Derived types, such as the following are also accepted:

• Softerra.Adaxes.PowerShellModule.Directory.ADUser
• Softerra.Adaxes.PowerShellModule.Directory.ADComputer

Outputs

None

See also

• REST API overview
• Get-AdmAccountToken
• New-AdmAccountToken
• IAccountTokenOps
• AccountToken