| description | external help file | Module Name | ms.date | online version | schema | title |
|---|---|---|---|---|---|---|
Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. |
Microsoft.CertificateServices.Deployment.Commands.dll-Help.xml |
ADCSDeployment |
12/27/2016 |
2.0.0 |
Install-AdcsNetworkDeviceEnrollmentService |
Installs the NDES role service.
Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity]
[-RAName <String>] [-RAEmail <String>] [-RACompany <String>]
[-RADepartment <String>] [-RACity <String>] [-RAState <String>]
[-RACountry <String>] [-SigningProviderName <String>]
[-SigningKeyLength <Int32>] [-EncryptionProviderName <String>]
[-EncryptionKeyLength <Int32>] [-CAConfig <String>] [-Force]
[-Credential <PSCredential>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <String>
-ServiceAccountPassword <SecureString> [-RAName <String>]
[-RAEmail <String>] [-RACompany <String>] [-RADepartment <String>]
[-RACity <String>] [-RAState <String>] [-RACountry <String>]
[-SigningProviderName <String>] [-SigningKeyLength <Int32>]
[-EncryptionProviderName <String>] [-EncryptionKeyLength <Int32>]
[-CAConfig <String>] [-Force] [-Credential <PSCredential>] [-WhatIf]
[-Confirm] [<CommonParameters>]
The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network
Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManagerAdd-WindowsFeature Adcs-Device-Enrollment
Int is equivalent to Int32 in the .NET Framework.
Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIfThis command displays the default NDES settings that will be configured if it is installed.
$params = @{
ServiceAccountName = "CONTOSO\svcNDES"
ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString)
WhatIf = $true
}
Install-AdcsNetworkDeviceEnrollmentService @paramsThis command displays the default settings when NDES is using a service account without making any
changes to the configuration. This command uses the service account named CONTOSO\svcNDES that
is a member of the local computer's IIS_USRS group.
$params = @{
ApplicationPoolIdentity = $true
CAConfig = "<CAComputerName>\<CACommonName>"
}
Install-AdcsNetworkDeviceEnrollmentService @paramsThis command installs NDES using the application pool identity to use a remote CA as specified by
the CA computer <CAComputerName>\<CACommonName>. Substitute the appropriate CA computer name and
common name for <CAComputerName> and <CACommonName>.
$params = @{
ServiceAccountName = "CONTOSO\svcNDES"
ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString)
CAConfig = "CAComputerName\CAName"
RAName = "Contoso-NDES-RA"
RACountry = "US"
RACompany = "Contoso"
SigningProviderName = "Microsoft Strong Cryptographic Provider"
SigningKeyLength = 4096
EncryptionProviderName = "Microsoft Strong Cryptographic Provider"
EncryptionKeyLength = 4096
}
Install-AdcsNetworkDeviceEnrollmentService @paramsThis command installs the NDES using a service account named CONTOSO\svcNDES that is a member of
the local computer's IIS_USRS group. The command also specifies several non-default parameters.
Indicates the identity that the Network Device Enrollment Service (NDES) uses when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.
Type: SwitchParameter
Parameter Sets: DefaultParameterSet
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies a PSCredential object that this cmdlet uses to connect to the NDES role service. To
obtain a credential object, use the Get-Credential cmdlet. For more information, type
Get-Help Get-Credential. The NDES must be installed on a server that is a member of an Active
Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone CA, then an
account that is a member of the local Administrators on the CA is required. If NDES is installed to
use an Enterprise CA, then using an account that is a member of Domain Admins group is required.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the encryption key length. This option is not valid if you use existing keys during installation.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseForces the command to run without asking for user confirmation.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the city of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the organization or company that the registration authority represents.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the country/region of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the department of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the email address of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the name of the NDES registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the state or province (geographical political boundary), if applicable, of the registration authority.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the name of the account that is used by the Network Device Enrollment Service.
Type: String
Parameter Sets: ServiceAccountParameterSet
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the password of the service account that is used by the Network Device Enrollment Service.
Type: SecureString
Parameter Sets: ServiceAccountParameterSet
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the signing key length.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseSpecifies the name of the signing device.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
-
Ensure you run Windows PowerShell as an administrator. You can use the Force parameter to bypass the prompt for confirmation. To see parameters, run the following command:
Install-AdcsNetworkDeviceEnrollmentService -?