description | external help file | Module Name | ms.date | online version | schema | title |
---|---|---|---|---|---|---|
Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. |
Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml |
ADCSDeployment |
12/27/2016 |
2.0.0 |
Install-AdcsNetworkDeviceEnrollmentService |
Installs the NDES role service.
Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity]
[-RAName <String>] [-RAEmail <String>] [-RACompany <String>]
[-RADepartment <String>] [-RACity <String>] [-RAState <String>]
[-RACountry <String>] [-SigningProviderName <String>]
[-SigningKeyLength <Int32>] [-EncryptionProviderName <String>]
[-EncryptionKeyLength <Int32>] [-CAConfig <String>] [-Force]
[-Credential <PSCredential>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <String>
-ServiceAccountPassword <SecureString> [-RAName <String>]
[-RAEmail <String>] [-RACompany <String>] [-RADepartment <String>]
[-RACity <String>] [-RAState <String>] [-RACountry <String>]
[-SigningProviderName <String>] [-SigningKeyLength <Int32>]
[-EncryptionProviderName <String>] [-EncryptionKeyLength <Int32>]
[-CAConfig <String>] [-Force] [-Credential <PSCredential>] [-WhatIf]
[-Confirm] [<CommonParameters>]
The Install-AdcsNetworkDeviceEnrollmentService
cmdlet performs the configuration of the Network
Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService
cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Device-Enrollment
Int is equivalent to Int32 in the .NET Framework.
Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf
This command displays the default NDES settings that will be configured if it is installed.
$params = @{
ServiceAccountName = "CONTOSO\svcNDES"
ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString)
WhatIf = $true
}
Install-AdcsNetworkDeviceEnrollmentService @params
This command displays the default settings when NDES is using a service account without making any
changes to the configuration. This command uses the service account named CONTOSO\svcNDES
that
is a member of the local computer's IIS_USRS
group.
$params = @{
ApplicationPoolIdentity = $true
CAConfig = "<CAComputerName>\<CACommonName>"
}
Install-AdcsNetworkDeviceEnrollmentService @params
This command installs NDES using the application pool identity to use a remote CA as specified by
the CA computer <CAComputerName>\<CACommonName>
. Substitute the appropriate CA computer name and
common name for <CAComputerName>
and <CACommonName>
.
$params = @{
ServiceAccountName = "CONTOSO\svcNDES"
ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString)
CAConfig = "CAComputerName\CAName"
RAName = "Contoso-NDES-RA"
RACountry = "US"
RACompany = "Contoso"
SigningProviderName = "Microsoft Strong Cryptographic Provider"
SigningKeyLength = 4096
EncryptionProviderName = "Microsoft Strong Cryptographic Provider"
EncryptionKeyLength = 4096
}
Install-AdcsNetworkDeviceEnrollmentService @params
This command installs the NDES using a service account named CONTOSO\svcNDES
that is a member of
the local computer's IIS_USRS
group. The command also specifies several non-default parameters.
Indicates the identity that the Network Device Enrollment Service (NDES) uses when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.
Type: SwitchParameter
Parameter Sets: DefaultParameterSet
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies a PSCredential object that this cmdlet uses to connect to the NDES role service. To
obtain a credential object, use the Get-Credential
cmdlet. For more information, type
Get-Help Get-Credential
. The NDES must be installed on a server that is a member of an Active
Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone CA, then an
account that is a member of the local Administrators on the CA is required. If NDES is installed to
use an Enterprise CA, then using an account that is a member of Domain Admins group is required.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the encryption key length. This option is not valid if you use existing keys during installation.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Forces the command to run without asking for user confirmation.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the city of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the organization or company that the registration authority represents.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the country/region of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the department of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the email address of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the name of the NDES registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the state or province (geographical political boundary), if applicable, of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the name of the account that is used by the Network Device Enrollment Service.
Type: String
Parameter Sets: ServiceAccountParameterSet
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the password of the service account that is used by the Network Device Enrollment Service.
Type: SecureString
Parameter Sets: ServiceAccountParameterSet
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the signing key length.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies the name of the signing device.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
-
Ensure you run Windows PowerShell as an administrator. You can use the Force parameter to bypass the prompt for confirmation. To see parameters, run the following command:
Install-AdcsNetworkDeviceEnrollmentService -?