Edit

Share via

Add-KdsRootKey

Module:
kds module

Generates a new root key for the Microsoft Group KdsSvc within Active Directory.

Syntax

EffectiveTime (Default) 

Add-KdsRootKey
    [[-EffectiveTime] <DateTime>]
    [-LocalTestOnly]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

EffectiveImmediately 

Add-KdsRootKey
    [-LocalTestOnly]
    [-EffectiveImmediately]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory. The Microsoft Group KdsSvc generates new group keys from the new root key. It is required to run this only once per forest.

Examples

Example 1: Generate a new root key

PS C:\> Add-KdsRootKey

This command generates a new root key for the Microsoft Group KdsSvc within Active Directory.

Example 2: Generate a new root key for immediate use

PS C:\> Add-KdsRootKey -EffectiveImmediately

This command generates a new root key immediately and adds it to the Microsoft Group KdsSvc.

Example 3: Generate a new root key which takes effect on a specific date

PS C:\> Add-KdsRootKey -EffectiveTime 03/23/2013

This command generates a new root key for the Microsoft Group KdsSvc which takes effect on the date 03/23/2013. Use the mm/dd/yyyy format.

Example 4: Generate a new root key on the local host only

PS C:\> Add-KdsRootKey -LocalTestOnly

This command generates a new root key on the local host only.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EffectiveImmediately

Indicates that the Microsoft Group Key Distribution Service immediately uses the new root key.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

EffectiveImmediately
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EffectiveTime

Specifies the date on which the newly generated root key takes effect. If this parameter is not specified, the default date set is 10 days after the current date.

Parameter properties

Type:DateTime
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

EffectiveTime
Position:0
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-LocalTestOnly

Indicates that the new root key is generated on the local host only. This parameter is used with the Set-KdsConfiguration cmdlet to test the local server configuration.

If this parameter is specified, then the cmdlet returns a value that indicates whether the test passed.

If this parameter is not specified, then the cmdlet returns the identifier (ID) of the root key when the operation succeeds.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

This cmdlet accepts no input objects.

Outputs

Boolean

Guid