Skip to content
PowerShell Commands

Add-KdsRootKey

Add-KdsRootKey [[-EffectiveTime] <DateTime>] [-LocalTestOnly] [-Confirm] [-WhatIf] [<CommonParameters>]
Add-KdsRootKey [-LocalTestOnly] -EffectiveImmediately* [-Confirm] [-WhatIf] [<CommonParameters>]

The Add-KdsRootKey cmdlet generates a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory. The Microsoft Group KdsSvc generates new group keys from the new root key.

Parameters

-EffectiveImmediately <SwitchParameter>

  • This value is required

Indicates that the Microsoft Group Key Distribution Service immediately uses the new root key.

-EffectiveTime [<DateTime>]

Specifies the date on which the newly generated root key takes effect. If this parameter is not specified, the default date set is 10 days after the current date.

-LocalTestOnly [<SwitchParameter>]

Indicates that the new root key is generated on the local host only. This parameter is used with the Set-KdsConfiguration cmdlet to test the local server configuration.

If this parameter is specified, then the cmdlet returns a value that indicates whether the test passed.

If this parameter is not specified, then the cmdlet returns the identifier (ID) of the root key when the operation succeeds.

-Confirm [<SwitchParameter>]

  • Default value is false

Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.

-WhatIf [<SwitchParameter>]

  • Default value is false

Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,ErrorAction, ErrorVariable, WarningAction, WarningVariable,OutBuffer, PipelineVariable, and OutVariable.

Inputs
None
This cmdlet accepts no input objects.
Outputs
System.Boolean
System.Guid
Examples
  1. Generate a new root key:
    PS C:\> Add-KdsRootKey

    This command generates a new root key for the Microsoft Group KdsSvc within Active Directory.

  2. Generate a new root key for immediate use:
    PS C:\> Add-KdsRootKey -EffectiveImmediately

    This command generates a new root key immediately and adds it to the Microsoft Group KdsSvc.

  3. Generate a new root key which takes effect on a specific date:
    PS C:\> Add-KdsRootKey -EffectiveTime 03/06/2013

    This command generates a new root key for the Microsoft Group KdsSvc which takes effect on the date 03/06/2013. Use the mm/dd/yyyy format.

  4. Generate a new root key on the local host only:
    PS C:\> Add-KdsRootKey -LocalTestOnly

    This command generates a new root key on the local host only.

This work is licensed under a Creative Commons Attribution 4.0 International. It is attributed to Microsoft Corporation and can be found here.

PowerShell Commands