We're headed to GridSecCon 2024, October 22-25 in Minneapolis, MN! Learn more here

PowerShell PKI Module Documentation

Documentation Home
This command requires installed Remote Server Administration Tools (RSAT)

Restore-KeyRecoveryAgentFlagDefault

Synopsis

Restores Active Directory Certification Authority (AD CS) key recovery agent default flags.

Syntax

Restore-KeyRecoveryAgentFlagDefault [-InputObject] <KRAFlag[]> [-RestartCA] [<CommonParameters>]

Description

Restores Active Directory Certification Authority (AD CS) key recovery agent default flags and discards any previous KRA flag modifications. This command is helpful in the case of incorrect configuration or you want to stay "default".

By default no flags are enabled.

Parameters

-InputObject <KRAFlag[]>

Specifies existing KRAFlag object. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-RestartCA <SwitchParameter>

Restarts CA service on the specified CA server to immediately apply changes.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.Flags.KRAFlag

Outputs

PKI.CertificateServices.Flags.KRAFlag

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority ca01.company.com | Get-KRAFlag | Restore-KRAFlag -RestartCA

The command restores default KRA flag configuration for CA server running on 'ca01.company.com' computer. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-KeyRecoveryAgentFlag
Enable-KeyRecoveryAgentFlag
Disable-KeyRecoveryAgentFlag

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions