Add-KdsRootKey
Add-KdsRootKey
Generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD).
Syntax
Parameter Set: EffectiveTime
Add-KdsRootKey [[-EffectiveTime] <DateTime> ] [-LocalTestOnly] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: EffectiveImmediately
Add-KdsRootKey -EffectiveImmediately [-LocalTestOnly] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory (AD). The Microsoft Group KdsSvc generates new group keys from the new root key.
Parameters
-EffectiveImmediately
Indicates that the Microsoft Group Key Distribution Service immediately uses the new root key.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-EffectiveTime<DateTime>
Specifies the date on which the newly generated root key takes effect. If this parameter is not specified, the default date set is 10 days after the current date.
Aliases |
none |
Required? |
false |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
-LocalTestOnly
Indicates that the new root key is generated on the local host only. This parameter is used with the Set-KdsConfigurationSet-KdsConfiguration cmdlet to test the local server configuration.
If this parameter is specified, then the cmdlet returns a value that indicates whether the test passed.
If this parameter is not specified, then the cmdlet returns the identifier (ID) of the root key when the operation succeeds.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
None
This cmdlet accepts no input objects.
Outputs
The output type is the type of the objects that the cmdlet emits.
- System.Boolean
- System.Guid
Examples
Example 1: Generate a new root key
This example generates a new root key for the Microsoft Group KdsSvc within AD.
PS C:\> Add-KdsRootKey
Example 2: Generate a new root key for immediate use
This example generates a new root key immediately and adds it to the Microsoft Group KdsSvc.
PS C:\> Add-KdsRootKey -EffectiveImmediately
Example 3: Generate a new root key which takes effect on a specific date
This example generates a new root key for the Microsoft Group KdsSvc which takes effect on the specified date 03/06/2013 using the mm/dd/yyyy format.
PS C:\> Add-KdsRootKey –EffectiveTime "03/06/2013"
Example 4: Generate a new root key on the local host only
This example generates a new root key on the local host only.
PS C:\> Add-KdsRootKey –LocalTestOnly