MIISkmu: Encryption Key Management Tool

Exports the Microsoft® Forefront Identity Manager (FIM) 2010 R2 security encryption key to a binary file. When you run the miiskmu command without parameters, it starts a wizard that can add new encryption keys or delete encrypted data from the FIM SQL Server 2008 database.

Syntax

miiskmu [/e FileName /u:UserName {Password | *} [/q]] | [/bBatchSize]

Parameters

/e

Exports the key set to a file.

FileName

Specifies the file name, including the path.

/u:

Specifies the Microsoft Forefront Identity Manager 2010 R2 service account credentials.

UserName

The Microsoft Forefront Identity Manager 2010 R2 service account name. Miiskmu supports the following formats:

  • [Domain\]UserName

  • [Domain.com\]UserName

  • UserName@Domain.com

Password

Specifies the password for the Microsoft Forefront Identity Manager 2010 R2 service account. Use * to prompt for the password.

/q

Specifies quiet mode.

/b

Processes the objects in batches. If this parameter is not specified, all objects will be processed in one batch.

BatchSize

The number of objects to process in each batch, specified as an integer.

/?

Displays help at the command prompt.

Remarks

  • Miiskmu.exe is located in the InstallationDirectory\Bin folder.

  • Local Administrator privileges are required to run Miiskmu.exe.

  • Encryption keys are only accessible by the Microsoft Forefront Identity Manager 2010 R2 service account, so you must specify the Microsoft Forefront Identity Manager 2010 R2 service account credentials.

  • If you modify the encryption keys (that is, create new ones), it is strongly recommended that you update your backup copy of the encryption keys.

  • The current key set ID can be found by typing miiskmu /?.

  • If you are calling Miiskmu.exe from a batch file, prefix the command with cmd /c to have the ERRORLEVEL set to the success/error code of the operation.

Example

To save the encryption key, with a specific file name, to a floppy disk, type:

miiskmu /e a:keyback.bin /u:FIMSyncAdmin *
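The following batch file is an added example, not part of the original documentation. It runs the export through cmd /c as the Remarks describe, checks the result, and then restricts and hashes the backup file, because that file holds the key protecting FIM's encrypted data. The paths, the treatment of 0 as the success code, and the icacls and certutil steps are assumptions.

```batch
@echo off
setlocal
rem Added example, not Microsoft's script. All values below are assumptions:
rem FIMBIN stands in for InstallationDirectory\Bin; KEYFILE is a hypothetical
rem backup path without spaces; SVCACCT is the account from the page's example.
set "FIMBIN=C:\InstallationDirectory\Bin"
set "KEYFILE=E:\KeyBackup\keyback.bin"
set "SVCACCT=FIMSyncAdmin"

if not exist "%FIMBIN%\miiskmu.exe" (
    echo miiskmu.exe not found in %FIMBIN%
    exit /b 2
)
rem Never silently overwrite an earlier key backup.
if exist "%KEYFILE%" (
    echo %KEYFILE% already exists; move or rename it first.
    exit /b 3
)

pushd "%FIMBIN%"
rem cmd /c makes ERRORLEVEL carry the tool's result, as the Remarks state.
rem "*" prompts for the password, keeping it out of this file and the command line.
cmd /c miiskmu /e %KEYFILE% /u:%SVCACCT% *
set "RC=%ERRORLEVEL%"
popd

rem Assumption: 0 means success; the page does not list the codes.
if not "%RC%"=="0" (
    echo Key export failed with code %RC%.
    exit /b 1
)
rem A missing or empty file is not a usable backup.
if not exist "%KEYFILE%" (
    echo Export reported success but %KEYFILE% was not created.
    exit /b 4
)
for %%F in ("%KEYFILE%") do if %%~zF EQU 0 (
    echo Export reported success but %KEYFILE% is empty.
    exit /b 4
)

rem Drop inherited ACEs and grant access only to the local Administrators
rem group, written as its well-known SID so the name is locale-independent.
icacls "%KEYFILE%" /inheritance:r /grant:r "*S-1-5-32-544:F" >nul || exit /b 5
rem Print a SHA-256 to record with the backup so later copies can be verified.
certutil -hashfile "%KEYFILE%" SHA256
exit /b 0
```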

Formatting legend

Format Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output
