Install-AdcsNetworkDeviceEnrollmentService
Installs Network Device Enrollment Service
Syntax
Install-AdcsNetworkDeviceEnrollmentService
[-ApplicationPoolIdentity]
[-RAName <String>]
[-RAEmail <String>]
[-RACompany <String>]
[-RADepartment <String>]
[-RACity <String>]
[-RAState <String>]
[-RACountry <String>]
[-SigningProviderName <String>]
[-SigningKeyLength <Int32>]
[-EncryptionProviderName <String>]
[-EncryptionKeyLength <Int32>]
[-CAConfig <String>]
[-Force]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Install-AdcsNetworkDeviceEnrollmentService
-ServiceAccountName <String>
-ServiceAccountPassword <SecureString>
[-RAName <String>]
[-RAEmail <String>]
[-RACompany <String>]
[-RADepartment <String>]
[-RACity <String>]
[-RAState <String>]
[-RACountry <String>]
[-SigningProviderName <String>]
[-SigningKeyLength <Int32>]
[-EncryptionProviderName <String>]
[-EncryptionKeyLength <Int32>]
[-CAConfig <String>]
[-Force]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Device-Enrollment
Int is equivalent to Int32 in the .NET Framework (http://msdn.microsoft.com/en-us/library/ya5y69ds.aspx).
Examples
Example 1: Display the default NDES settings
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf
This command displays the default NDES settings that will be configured if it is installed.
Example 2: Display the default NDES settings using a service account name and password
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName "CONTOSO\svcNDES" -ServiceAccountPassword (read-host "Set user password" -assecurestring) -WhatIf
This command displays the default settings when NDES is using a service account without making any changes to the configuration. This command uses the service account named CONTOSO\svcNDES that is a member of the local computer's IIS_IUSRS group.
Example 3: Install NDES using the application pool identity
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -CAConfig "<CAComputerName>\<CACommonName>"
This command installs NDES using the application pool identity to use a remote CA as specified by <CAComputerName>\<CACommonName>. Substitute the appropriate CA computer name and common name for <CAComputerName> and <CACommonName>.
Example 4: Install NDES using a specific service account
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName "CONTOSO\svcNDES" -ServiceAccountPassword (read-host "Set user password" -assecurestring) -CAConfig "CAComputerName\CAName" -RAName "Contoso-NDES-RA" -RACountry "US" -RACompany "Contoso" -SigningProviderName "Microsoft Strong Cryptographic Provider" -SigningKeyLength 4096 -EncryptionProviderName "Microsoft Strong Cryptographic Provider" -EncryptionKeyLength 4096
This command installs NDES using a service account named CONTOSO\svcNDES that is a member of the local computer's IIS_IUSRS group. The command also specifies several non-default parameters.
Description
This command installs the Network Device Enrollment Service using a specific service account, which is indicated by <Domain>\<AccountName>. The command also specifies several non-default parameters. The example assumes that the <Domain>\<AccountName> user/service account is a member of the local machine's IIS_IUSRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.
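The following script is an added example, not part of the original reference. It combines Examples 2 and 4 into one guarded run: it checks the CAConfig format, the key lengths and the IIS_IUSRS membership described above, previews with -WhatIf, and only then installs. The account name, CA config string, RA fields and the 2048-bit floor are placeholder assumptions, and Get-LocalGroupMember assumes Windows PowerShell 5.1 or later.

```powershell
#Requires -RunAsAdministrator
# Added example: validate inputs, preview with -WhatIf, then install NDES.
# Placeholder values (assumptions): service account, CA config string, RA fields.
$serviceAccount = 'CONTOSO\svcNDES'
$minKeyLength   = 2048   # assumed local policy floor, not a cmdlet default

$ndesParams = @{
    ServiceAccountName     = $serviceAccount
    CAConfig               = 'CAComputerName\CAName'   # <CAComputerName>\<CACommonName>
    RAName                 = 'Contoso-NDES-RA'
    RACountry              = 'US'
    RACompany              = 'Contoso'
    SigningProviderName    = 'Microsoft Strong Cryptographic Provider'
    SigningKeyLength       = 4096
    EncryptionProviderName = 'Microsoft Strong Cryptographic Provider'
    EncryptionKeyLength    = 4096
}

# 1. CAConfig must have the two-part form <CAComputerName>\<CACommonName>.
if ($ndesParams.CAConfig -notmatch '^[^\\]+\\[^\\]+$') {
    throw "CAConfig '$($ndesParams.CAConfig)' is not of the form <CAComputerName>\<CACommonName>."
}

# 2. Refuse RA signing/encryption key lengths below the local floor.
foreach ($name in 'SigningKeyLength', 'EncryptionKeyLength') {
    if ($ndesParams[$name] -lt $minKeyLength) {
        throw "$name is $($ndesParams[$name]); expected at least $minKeyLength."
    }
}

# 3. The service account must already be a member of the local IIS_IUSRS group.
$member = Get-LocalGroupMember -Group 'IIS_IUSRS' -Member $serviceAccount -ErrorAction SilentlyContinue
if (-not $member) {
    throw "$serviceAccount is not a member of the local IIS_IUSRS group."
}

# 4. Prompt for the password only after the checks pass, so it never
#    appears in the script, the command line or the history file.
$ndesParams.ServiceAccountPassword = Read-Host "Password for $serviceAccount" -AsSecureString

# 5. Preview: -WhatIf shows the settings that would be applied and changes nothing.
Install-AdcsNetworkDeviceEnrollmentService @ndesParams -WhatIf

# 6. Real install. -Force is deliberately omitted so the cmdlet still asks for confirmation.
$result = Install-AdcsNetworkDeviceEnrollmentService @ndesParams
$result | Format-List *
```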
Parameters
-ApplicationPoolIdentity
Specifies the identity that the Network Device Enrollment Service (NDES) will use when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-CAConfig
Specifies the remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used with the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Credential
The Network Device Enrollment Service (NDES) must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators group on the CA is required. If NDES is installed to use an Enterprise CA, then an account that is a member of the Domain Admins group is required.
Type: | PSCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-EncryptionKeyLength
Specifies the encryption key length. This option is not valid if you use existing keys during installation.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-EncryptionProviderName
Specifies the name of the encryption provider, such as the name of a cryptographic service provider (CSP).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RACity
Specifies the city of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RACompany
Specifies the organization or company that the registration authority represents.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RACountry
Specifies the country/region of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RADepartment
Specifies the department of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RAEmail
Specifies the email address of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RAName
Specifies the name of the Network Device Enrollment Service registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RAState
Specifies the state or province (geographical political boundary), if applicable, of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ServiceAccountName
Specifies the name of the account that is used by the Network Device Enrollment Service.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ServiceAccountPassword
Specifies the password of the service account that is used by the Network Device Enrollment Service.
Type: | SecureString |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SigningKeyLength
Specifies the signing key length.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SigningProviderName
Specifies the name of the signing device.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
bool, int, string, string, string, string, string, string, string, string, string, SecurePassword, int, string
Outputs
Microsoft.CertificateServices.Deployment.Commands.NDES.NetworkDeviceEnrollmentServiceResult
Notes
- Ensure you run Windows PowerShell as an administrator. You can use the -f switch to bypass the prompt for confirmation. To see parameters, run the following command: install-AdcsNetworkDeviceEnrollmentService -?