Restores Active Directory Certification Authority (AD CS) key recovery agent default flags.
Restore-KeyRecoveryAgentFlagDefault [-InputObject] <KRAFlag[]> [-RestartCA] [<CommonParameters>]
Restores Active Directory Certification Authority (AD CS) key recovery agent default flags and discards any previous KRA flag modifications. This command is helpful in the case of incorrect configuration or you want to stay "default".
By default no flags are enabled.
Specifies existing KRAFlag object. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
Restarts CA service on the specified CA server to immediately apply changes.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
PKI.CertificateServices.Flags.KRAFlag
PKI.CertificateServices.Flags.KRAFlag
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-CertificationAuthority ca01.company.com | Get-KRAFlag | Restore-KRAFlag -RestartCA
The command restores default KRA flag configuration for CA server running on 'ca01.company.com' computer. After the configuration is changed, the command will restart certificate services to immediately apply changes.
Get-CertificationAuthority
Connect-CertificationAuthority
Get-KeyRecoveryAgentFlag
Enable-KeyRecoveryAgentFlag
Disable-KeyRecoveryAgentFlag