Update-ADRMS
Updates an existing deployment of AD RMS Server.
Syntax
Update-ADRMS
[-ServiceAccount] <PSCredential>
[[-PrivateKeyPassword] <SecureString>]
[[-NewCspName] <String>]
[-UpdateCryptographicModeOnly]
[-Credential <PSCredential>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Update-ADRMS cmdlet updates the Active Directory Rights Management Services (AD RMS) server role on a server that has been upgraded to this version of Windows. The cmdlet can also be used to update the AD RMS cryptographic mode on a server.
Examples
Example 1: Upgrade an AD RMS server
PS C:\> $mySecureStringPassword = ConvertTo-SecureString -String <password> -AsPlainText -Force
PS C:\> $myCred = Get-Credential
PS C:\> Update-ADRMS -PrivateKeyPassword $mySecureStringPassword -ServiceAccount $myCred
This example upgrades an AD RMS server and cluster that is using a cluster key password. The password must be specified securely as console input. The Get-Credential cmdlet will launch a popup dialog to enter the AD RMS Service Account credentials (username and password) that are also required to upgrade AD RMS.
Example 2: Upgrade an AD RMS server to cryptographic mode 2
PS C:\> $myCred = Get-Credential
PS C:\> Update-ADRMS -UpdateCryptographicModeOnly -ServiceAccount $myCred
This example updates an AD RMS server that is using a cluster key password to cryptographic mode 2. The Get-Credential command will launch a popup dialog to enter the AD RMS Service Account credentials (username and password) which are required for this update. The cluster key password is not required; but if the server is using CSP key storage, the NewCspName parameter must be included.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Credential
Specifies user credentials to use for the update process. If this parameter is specified, you will be prompted to enter credentials. This parameter operates in a similar manner to the RunAs command.
Type: | PSCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces completion of the command by overriding restrictions that would prevent it from succeeding (so long as a the changes made do not compromise security).
Type: | SwitchParameter |
Position: | 3 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-NewCspName
Specifies the new name of the cryptographic service provider (CSP) to use for storing the private key of the AD RMS server. This parameter is used in combination with the UpdateCryptographicMode parameter for AD RMS servers that are using CSP key storage.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PrivateKeyPassword
Specifies the password for the AD RMS centrally managed key.
Type: | SecureString |
Position: | 1 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ServiceAccount
Specifies the identity of the domain account that is used for the AD RMS service account.
Type: | PSCredential |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UpdateCryptographicModeOnly
Indicates that only the cryptographic mode of the server is to be updated. To update the cryptographic mode of an AD RMS server, you must be logged in with an account that has membership in the local AD RMS Enterprise Administrators Group on that server. If the AD RMS server is using CSP key storage, the NewCspName parameter should also be specified.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
SwitchParameter, string, PSCredential, SecureString