This page is retired and no longer updated. Project documentation and download links have moved to their new home: PowerShell PKI Module.
This command requires Remote Server Administration Tools (RSAT) to be installed.

Get-KeyRecoveryAgentFlag

Synopsis

Retrieves Active Directory Certificate Services (AD CS) key recovery agent (KRA) settings.

Syntax

Get-KeyRecoveryAgentFlag [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]

Description

Retrieves Active Directory Certificate Services (AD CS) key recovery agent (KRA) settings. Use this command in conjunction with Enable-KeyRecoveryAgentFlag and Disable-KeyRecoveryAgentFlag cmdlets to configure KRA settings.

By default no KRA flags are defined.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.Flags.KRAFlag

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-KeyRecoveryAgentFlag

The command retrieves KRA settings for 'company-CA01' CA server.

Example 2

PS C:\> Get-CertificationAuthority | Get-KeyRecoveryAgentFlag

The command retrieves KRA settings for all Enterprise CAs in the current Active Directory forest.

Example 3

PS C:\> Get-CertificationAuthority -Name "company-CA01" | Get-KeyRecoveryAgentFlag | Disable-KeyRecoveryAgentFlag -Flag "EnableForeign"

This command disables key archival for keys that were issued (signed) by another (or third-party) CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Example 4

PS C:\> Get-CertificationAuthority | Get-KeyRecoveryAgentFlag | Enable-KeyRecoveryAgentFlag -Flag "EnableForeign"

This example allows the CA to archive public and private key pairs that were issued (signed) by another (or third-party) CA. After the configuration is changed, the command will restart certificate services to immediately apply changes.
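
Because no KRA flags are defined by default, any flag found on a CA is a deliberate change worth reviewing. The following audit sketch is an added example, not part of the original documentation or the module's own code; it reports every Enterprise CA in the forest whose KRA flags differ from that default. It assumes the module is installed under the name PSPKI, that the CA object has a DisplayName property, and that the returned KRAFlag object exposes its flag set as a KRAFlags property; Get-KraFlagDrift is a hypothetical helper name.

```powershell
# Added example: audit KRA flags across all Enterprise CAs.
# Assumption: the module is importable as "PSPKI".
Import-Module PSPKI -ErrorAction Stop

function Get-KraFlagDrift {
    [CmdletBinding()]
    param(
        # Flags that policy forbids. "EnableForeign" is the flag named on this page.
        [string[]]$Disallowed = @('EnableForeign')
    )

    foreach ($ca in Get-CertificationAuthority) {
        try {
            $kra = $ca | Get-KeyRecoveryAgentFlag -ErrorAction Stop
        }
        catch {
            # Report an unreachable CA instead of silently skipping it.
            [pscustomobject]@{
                CA     = $ca.DisplayName   # assumption: property name
                Flags  = $null
                Status = "Unreachable: $($_.Exception.Message)"
            }
            continue
        }

        # Assumption: the flag set is in a KRAFlags property and renders as a
        # comma-separated list of names ("None" or "0" when nothing is set).
        $set = @("$($kra.KRAFlags)" -split ',\s*' |
            Where-Object { $_ -and $_ -ne 'None' -and $_ -ne '0' })
        $hits = @($set | Where-Object { $_ -in $Disallowed })

        [pscustomobject]@{
            CA     = $ca.DisplayName
            Flags  = $set -join ', '
            Status = if ($hits.Count)    { "Disallowed: $($hits -join ', ')" }
                     elseif ($set.Count) { 'NonDefault' }
                     else                { 'Default' }
        }
    }
}

# Show only CAs that need attention.
Get-KraFlagDrift | Where-Object { $_.Status -ne 'Default' } | Format-Table -AutoSize
```

The script only reads settings; remediation stays a separate, reviewed step using Disable-KeyRecoveryAgentFlag as in Example 3.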

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Enable-KeyRecoveryAgentFlag
Disable-KeyRecoveryAgentFlag
Restore-KeyRecoveryAgentFlagDefault

Minimum PowerShell version support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
