Share via


Deploying AD CS Using Windows PowerShell

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

You can use the Set up Certification Authority with PowerShell from Vadims Podans to configure a Certification Authority (CA) on Windows Server 2008 or Windows Server 2008 R2. The other role services do not have a PowerShell methods for configuring them before Windows Server 2012. In Windows Server 2012, there are cmdlets to configure all six role services. Before you can configure an individual role service, you must install the role service's binaries. There are also two cmdlets for each role service in order to configure or remove the role service. The following table lists each AD CS role service and the corresponding cmdlets to install the binaries, configure, and remove it.

Role Service  Install binaries Configure Remove 
Certification Authority Add-WindowsFeature Adcs-Cert-Authority Install-AdcsCertificationAuthority Uninstall-AdcsCertificationAuthority
Certificate Enrollment Policy Web Service Add-WindowsFeature Adcs-Enroll-Web-Pol Install-AdcsEnrollmentPolicyWebService

Uninstall-AdcsEnrollmentPolicyWebService

Certificate Enrollment Web Service Add-WindowsFeature Adcs-Enroll-Web-Svc Install-AdcsEnrollmentWebService Uninstall-AdcsEnrollmentWebService
Certification Authority Web Enrollment Service Add-WindowsFeature Adcs-Web-Enrollment Install-AdcsWebEnrollment Uninstall-AdcsWebEnrollment
Network Device Enrollment Service Add-WindowsFeature Adcs-Device-Enrollment Install-AdcsNetworkDeviceEnrollmentService Uninstall-AdcsNetworkDeviceEnrollmentService
Online Responder Add-WindowsFeature Adcs-Online-Cert Install-AdcsOnlineResponder Uninstall-AdcsOnlineResponder

Each link in the table leads to the page with the syntax for the configuration or removal of the role service.