Initialize-RmsCryptoMode2

Initialize-RmsCryptoMode2 is available through the ADRMSAdmin module. To install ADRMSAdmin on your system, please refer to the ADRMSAdmin page.

Synopsis

Prepares an AD RMS server for transitioning to Cryptographic Mode 2.

Description

The Initialize-RmsCryptoMode2 cmdlet prepares an AD RMS server for transitioning to Cryptographic Mode 2.

Cryptographic Mode 2 is an updated and enhanced AD RMS cryptographic implementation. It supports 2048-bit RSA encryption and 256-bit length keys using the SHA-2 hashing algorithm (SHA-2/SHA-256) standards.

While this cmdlet performs the initial steps required in transitioning an AD RMS deployment to Cryptographic Mode 2, additional tasks are required. First, all client computers in the AD RMS cluster environment must be patched to support this updated and enhanced mode. Depending on your deployment configuration, some or all servers might need to be updated as well. When all computers have been updated, as the final transition task to Cryptographic Mode 2, you can run the Update-ADRMS cmdlet with the -UpdateCryptographicModeOnly parameter specified to switch the cluster to using mode 2 instead of mode 1.

Parameters

-CspName <String>
    The name of the cryptographic service provider (CSP) to use for generating the mode 2 TUD when this cmdlet is executed. This CSP must be of the type PROV_RSA_AES to support mode 2 operation (in contrast to mode 1 keys, which use the CSP type PROV_RSA_FULL).

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-FilePath <String[]>
    Specifies the name and location for the file generated when this cmdlet is executed. This file contains the mode 2 SLC (server licensor certificate), which is exported as part of transitioning a trusted user domain (TUD) to mode 2 operation.

    Required?                    true
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-Force <SwitchParameter>
    Forces the cmdlet to save (overwrite) an existing file if one is found to exist under the name and location specified as part of the -FilePath parameter.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-Regenerate <SwitchParameter>
    Forces the AD RMS server to generate a new key even if the cmdlet has already been run previously. This overwrites any previously generated key. Since this cmdlet can be run multiple times, if this parameter is omitted, the same key will be exported each subsequent time the cmdlet is run.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Initialize-RmsCryptoMode2 -FilePath <String[]> [-CspName <String>] [-Regenerate] [-Force] [-Path] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

-------------- EXAMPLE 1 --------------
PS C:\>Initialize-RmsCryptoMode2 -Path . -FilePath c:\test.tud
Exports the server licensor certificate (SLC) for the current AD RMS server to the file c:\test.tud for a server that uses centrally managed keys.

-------------- EXAMPLE 2 --------------
PS C:\>Initialize-RmsCryptoMode2 -Path . -FilePath c:\test2.tud -Regenerate
Initialize cryptographic mode 2
This will regenerate the cryptographic mode 2 key pair. Are you sure you want to continue?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"):
Forces regeneration of the cryptographic mode 2 keys.
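
An added example (not from the original page or from Microsoft's documentation): a pre-flight wrapper that confirms the CSP passed to -CspName is registered with provider type PROV_RSA_AES before exporting, and that avoids -Force and -Regenerate so an existing file or key is never silently replaced. The CSP name, output path and registry lookup are assumptions for illustration; -Path . follows the page's examples and assumes the current location is the AD RMS provider drive.

```powershell
# Added example: pre-flight checks around Initialize-RmsCryptoMode2.
# $CspName and $OutFile are illustrative values, not taken from the page.
$CspName = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
$OutFile = 'C:\export\mode2-slc.tud'

# CryptoAPI provider type for PROV_RSA_AES (wincrypt.h); PROV_RSA_FULL is 1.
$PROV_RSA_AES = 24

# Registered CSPs and their provider types are listed under this key.
$cspKey = Join-Path 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider' $CspName
if (-not (Test-Path -LiteralPath $cspKey)) {
    throw "CSP '$CspName' is not registered on this server."
}
$cspType = (Get-ItemProperty -LiteralPath $cspKey -Name Type).Type
if ($cspType -ne $PROV_RSA_AES) {
    throw "CSP '$CspName' has type $cspType; mode 2 requires PROV_RSA_AES ($PROV_RSA_AES)."
}

# Refuse to overwrite an earlier export instead of reaching for -Force.
if (Test-Path -LiteralPath $OutFile) {
    throw "$OutFile already exists; move it aside or choose another name."
}

Import-Module ADRMSAdmin

# Dry run first, then the real export. -Regenerate is deliberately omitted so
# that a repeat run exports the same key rather than replacing it.
Initialize-RmsCryptoMode2 -Path . -FilePath $OutFile -CspName $CspName -WhatIf
Initialize-RmsCryptoMode2 -Path . -FilePath $OutFile -CspName $CspName

# Record a hash of the exported SLC so later copies can be checked against it.
Get-FileHash -LiteralPath $OutFile -Algorithm SHA256 | Format-List Path, Hash
```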

You can check the Version, CommandType and Source of this cmdlet by running the command below.

Get-Command Initialize-RmsCryptoMode2



References are taken from Microsoft
