Install-AdcsNetworkDeviceEnrollmentService
Install-AdcsNetworkDeviceEnrollmentService
Installs Network Device Enrollment Service
Syntaxe
Parameter Set: DefaultParameterSet
Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity] [-CAConfig <String> ] [-Credential <PSCredential> ] [-EncryptionKeyLength <Int32> ] [-EncryptionProviderName <String> ] [-Force] [-RACity <String> ] [-RACompany <String> ] [-RACountry <String> ] [-RADepartment <String> ] [-RAEmail <String> ] [-RAName <String> ] [-RAState <String> ] [-SigningKeyLength <Int32> ] [-SigningProviderName <String> ] [ <CommonParameters>]
Parameter Set: ServiceAccountParameterSet
Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <String> -ServiceAccountPassword <SecureString> [-CAConfig <String> ] [-Credential <PSCredential> ] [-EncryptionKeyLength <Int32> ] [-EncryptionProviderName <String> ] [-Force] [-RACity <String> ] [-RACompany <String> ] [-RACountry <String> ] [-RADepartment <String> ] [-RAEmail <String> ] [-RAName <String> ] [-RAState <String> ] [-SigningKeyLength <Int32> ] [-SigningProviderName <String> ] [ <CommonParameters>]
Description détaillée
The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Device-Enrollment
Int is equivalent to Int32 in the .NET Framework (https://msdn.microsoft.com/en-us/library/ya5y69ds.aspx).
Paramètres
-ApplicationPoolIdentity
Specifies the identity that the Network Device Enrollment Service (NDES) will use when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-CAConfig<String>
Specifies remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-Credential<PSCredential>
The Network Device Enrollment Service (NDES) must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators on the CA is required. If NDES is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-EncryptionKeyLength<Int32>
Specifies the encryption key length. This option is not valid if you use existing keys during installation.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-EncryptionProviderName<String>
Specifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-Force
Force la commande à s’exécuter sans demander confirmation à l’utilisateur.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
false |
Accepter les caractères génériques ? |
false |
-RACity<String>
Specifies the city of the registration authority.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-RACompany<String>
Specifies the organization or company that the registration authority represents.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-RACountry<String>
Specifies the country of the registration authority.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-RADepartment<String>
Specifies the department of the registration authority.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-RAEmail<String>
Specifies the email address of the registration authority.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-RAName<String>
Specifies the name of the Network Device Enrollment Service registration authority.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-RAState<String>
Specifies the state or province (geographical political boundary), if applicable, of the registration authority.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-ServiceAccountName<String>
Specifies the name of the account that is used by the Network Device Enrollment Service.
Alias |
none |
Obligatoire ? |
true |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-ServiceAccountPassword<SecureString>
Specifies the password of the service account that is used by the Network Device Enrollment Service.
Alias |
none |
Obligatoire ? |
true |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-SigningKeyLength<Int32>
Specifies the signing key length.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
-SigningProviderName<String>
Specifies the name of the signing device.
Alias |
none |
Obligatoire ? |
false |
Position ? |
named |
Valeur par défaut |
none |
Accepter l’entrée de pipeline ? |
true (ByPropertyName) |
Accepter les caractères génériques ? |
false |
<CommonParameters>
Cette applet de commande prend en charge les paramètres courants : -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer et -OutVariable. Pour plus d’informations, consultez about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Entrées
Le type d’entrée correspond au type des objets que vous pouvez transmettre à l’applet de commande.
- bool, int, string, string, string, string, string, string, string, string, string, SecurePassword, int, string
Sorties
Le type de sortie est le type des objets émis par l’applet de commande.
- Microsoft.CertificateServices.Deployment.Commands.NDES.NetworkDeviceEnrollmentServiceResult
Remarques
- Ensure you run Windows PowerShell as an administrator. You can use the -f switch to bypass the prompt for confirmation.
To see parameters, run the following command: install-AdcsNetworkDeviceEnrollmentService -?
Exemples
-------------------------- EXAMPLE 1 --------------------------
Description
-----------
This command displays the default Network Device Enrollment Service settings when the service is running as the default application identity without making any changes to the configuration.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf
-------------------------- EXAMPLE 2 --------------------------
Description
-----------
This command displays the default settings when NDES is using a service account without making any changes to the configuration. This command assumes that the <Domain>\<AccountName> service account is a member of the local machine's IIS_USRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <Domain>\<AccountName> -ServiceAccountPassword (read-host "Set user password" -assecurestring) -WhatIf
-------------------------- EXAMPLE 3 --------------------------
Description
-----------
This command installs the Network Device Enrollment Service using the application pool identity to use a remote CA as specified by the CA computer <CACompterName>\<CACommonName>. Substitute the appropriate CA computer name and common name for <CAComputerName> and <CACommonName>.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -CAConfig <CAComputerName>\<CACommonName>
-------------------------- EXAMPLE 4 --------------------------
Description
-----------
This command installs the Network Device Enrollment Service using a specific service account, which is indicated by <Domain>\<AccountName>. The command also specifies several non-default parameters. The example assumes that the <Domain>\<AccountName> user/service account is a member of the local machine's IIS_USRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName MyDomain\AccountName -ServiceAccountPassword (read-host "Set user password" -assecurestring) -CAConfig "CAMachineName\CAName" -RAName "Contoso-NDES-RA" -RACountry "US" -RACompany "Contoso" -SigningProviderName "Microsoft Strong Cryptographic Provider" -SigningKeyLength 4096 -EncryptionProviderName "Microsoft Strong Cryptographic Provider" -EncryptionKeyLength 4096