Install-Adcs
Network
Device
Enrollment
Service
Syntax
Install-AdcsNetworkDeviceEnrollmentService
[-ApplicationPoolIdentity]
[-RAName <String>]
[-RAEmail <String>]
[-RACompany <String>]
[-RADepartment <String>]
[-RACity <String>]
[-RAState <String>]
[-RACountry <String>]
[-SigningProviderName <String>]
[-SigningKeyLength <Int32>]
[-EncryptionProviderName <String>]
[-EncryptionKeyLength <Int32>]
[-CAConfig <String>]
[-Force]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Install-AdcsNetworkDeviceEnrollmentService
-ServiceAccountName <String>
-ServiceAccountPassword <SecureString>
[-RAName <String>]
[-RAEmail <String>]
[-RACompany <String>]
[-RADepartment <String>]
[-RACity <String>]
[-RAState <String>]
[-RACountry <String>]
[-SigningProviderName <String>]
[-SigningKeyLength <Int32>]
[-EncryptionProviderName <String>]
[-EncryptionKeyLength <Int32>]
[-CAConfig <String>]
[-Force]
[-Credential <PSCredential>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
-
Import-Module ServerManager
-
Add-WindowsFeature Adcs-Device-Enrollment
Int is equivalent to Int32 in the .NET Framework .
Examples
Example 1: Display the default NDES settings
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf
This command displays the default NDES settings when the service is running as the default application identity without making any changes to the configuration.
Example 2: Display the default NDES settings using a service account name and password
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName "CONTOSO\PattiFul" -ServiceAccountPassword (read-host "Set user password" -assecurestring) -WhatIf
This command displays the default settings when NDES is using a service account without making any changes to the configuration. This command uses the service account named CONTOSO\PattiFul that is a member of the local computer's IIS_USRS group.
Example 3: Install NDES using the application pool identity
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -CAConfig "<CAComputerName>\<CACommonName>"
This command installs NDES using the application pool identity to use a remote CA as specified by the CA computer
<CAComputerName>\<CACommonName>
.
Substitute the appropriate CA computer name and common name for
<CAComputerName>
and
<CACommonName>
.
Example 4: Install NDES using a specific service account
PS C:\> Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName MyDomain\AccountName -ServiceAccountPassword (read-host "Set user password" -assecurestring) -CAConfig "CAComputerName\CAName" -RAName "Contoso-NDES-RA" -RACountry "US" -RACompany "Contoso" -SigningProviderName "Microsoft Strong Cryptographic Provider" -SigningKeyLength 4096 -EncryptionProviderName "Microsoft Strong Cryptographic Provider" -EncryptionKeyLength 4096
This command installs the NDES using a service account named CONTOSO\PattiFul that is a member of the local computer's IIS_USRS group. The command also specifies several non-default parameters.
Required Parameters
Specifies the name of the account that is used by the Network Device Enrollment Service.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the password of the service account that is used by the Network Device Enrollment Service.
Type: | SecureString |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Optional Parameters
Indicates that the cmdlet the identity that the Network Device Enrollment Service (NDES) uses when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a
PSCredential
object that this cmdlet use to connect to the NDES role service.
To obtain a credential object, use the
Get-Credential
cmdlet.
For more information, type
Get-Help Get-Credential
.
The NDES must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain.
If NDES is configured to use a Standalone CA, then an account that is a member of the local Administrators on the CA is required.
If NDES is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.
Type: | PSCredential |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the encryption key length. This option is not valid if you use existing keys during installation.
Type: | Int32 |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the city of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the organization or company that the registration authority represents.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the country of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the department of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the email address of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the name of the NDES registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the state or province (geographical political boundary), if applicable, of the registration authority.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the signing key length.
Type: | Int32 |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Specifies the name of the signing device.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True (ByPropertyName) |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
bool, int, string, string, string, string, string, string, string, string, string, SecurePassword, int, string
Outputs
Microsoft.CertificateServices.Deployment.Commands.NDES.NetworkDeviceEnrollmentServiceResult
Notes
-
Ensure you run Windows PowerShell as an administrator. You can use the
Force
parameter to bypass the prompt for confirmation.
To see parameters, run the following command:
Install-AdcsNetworkDeviceEnrollmentService -?