Install-AdcsNetworkDeviceEnrollmentService

Install-AdcsNetworkDeviceEnrollmentService is accessible with the help of ADCSDeployment module. To install ADCSDeployment on your system please refer to this link.

Synopsis
Installs Network Device Enrollment Service

Description
The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet

You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Device-Enrollment

Add-WindowsFeature Adcs-Device-Enrollment powershell script cmdlet command

Parameters

-ApplicationPoolIdentity 
         Specifies the identity that the Network Device Enrollment Service (NDES) will use when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CAConfig <String>
    Specifies remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-Credential <PSCredential>
    The Network Device Enrollment Service (NDES) must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators on the CA is required. If NDES is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-EncryptionKeyLength <Int32>
    Specifies the encryption key length. This option is not valid if you use existing keys during installation.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-EncryptionProviderName <String>
    Specifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-Force <SwitchParameter>
    Forces the command to run without asking for user confirmation.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

-RACity <String>
    Specifies the city of the registration authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-RACompany <String>
    Specifies the organization or company that the registration authority represents.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-RACountry <String>
    Specifies the country of the registration authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-RADepartment <String>
    Specifies the department of the registration authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-RAEmail <String>
    Specifies the email address of the registration authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-RAName <String>
    Specifies the name of the Network Device Enrollment Service registration authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-RAState <String>
    Specifies the state or province (geographical political boundary), if applicable, of the registration authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-ServiceAccountName <String>
    Specifies the name of the account that is used by the Network Device Enrollment Service.

    Required?                    true
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-ServiceAccountPassword <SecureString>
    Specifies the password of the service account that is used by the Network Device Enrollment Service.

    Required?                    true
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-SigningKeyLength <Int32>
    Specifies the signing key length.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-SigningProviderName <String>
    Specifies the name of the signing device.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

Syntax

Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity ] [-CAConfig ] [-Credential ] [-EncryptionKeyLength ] [-EncryptionProviderName ] [-Force ] [-RACity ] [-RACompany ] [-RACountry ] [-RADepartment ] [-RAEmail ] [-RAName ] [-RAState ] [-SigningKeyLength ] [-SigningProviderName ] []

Install-AdcsNetworkDeviceEnrollmentService [-CAConfig <String>] [-Credential <PSCredential>] [-EncryptionKeyLength <Int32>] [-EncryptionProviderName <String>] [-Force ] [-RACity <String>] [-RACompany <String>] [-RACountry <String>] [-RADepartment <String>] [-RAEmail <String>] [-RAName <String>] [-RAState <String>] [-SigningKeyLength <Int32>] [-SigningProviderName <String>] -ServiceAccountName <String> -ServiceAccountPassword <SecureString> [<CommonParameters>]

Notes
Ensure you run Windows PowerShell as an administrator. You can use the -f switch to bypass the prompt for confirmation.

————————– EXAMPLE 1 ————————–
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf
This command displays the default Network Device Enrollment Service settings when the service is running as the default application identity without making any changes to the configuration

————————– EXAMPLE 2 ————————–
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName \ -ServiceAccountPassword (read-host “Set user password” -assecurestring) -WhatIf
This command displays the default settings when NDES is using a service account without making any changes to the configuration. This command assumes that the \ service account is a member of the local machine’s IIS_USRS group. Substitute the domain name for and the user account name for .

————————– EXAMPLE 3 ————————–
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -CAConfig \
This command installs the Network Device Enrollment Service using the application pool identity to use a remote CA as specified by the CA computer \. Substitute the appropriate CA computer name and common name for and .

————————– EXAMPLE 4 ————————–
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName MyDomain\AccountName -ServiceAccountPassword (read-host “Set user password” -assecurestring) -CAConfig “CAMachineName\CAName” -RAName “TOSS-NDES-RA” -RACountry “US” -RACompany “TOSS” -SigningProviderName “Microsoft Strong Cryptographic Provider” -SigningKeyLength 4096 -EncryptionProviderName “Microsoft Strong Cryptographic Provider” -EncryptionKeyLength 4096
This command installs the Network Device Enrollment Service using a specific service account, which is indicated by \. The command also specifies several non-default parameters. The example assumes that the \ user/service account is a member of the local machine’s IIS_USRS group. Substitute the domain name for and the user account name for .

You can check the Version, CommandType and Source of this cmdlet by giving below command.

Get-Command Install-AdcsNetworkDeviceEnrollmentService

Get-Command Install-AdcsNetworkDeviceEnrollmentService powershell command cmdlet script

You can also read about
Uninstall-AdcsNetworkDeviceEnrollmentService

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site http://tossolution.com/

Like our page in Facebook and follow us for New technical information.

References are taken from Microsoft

Leave a Reply

Your email address will not be published. Required fields are marked *