Learn more about: CA Backup and Restore Windows PowerShell cmdlets 7e195f5b-b194-40f3-a26d-5cf4ade5fc4d CA Backup and Restore Windows PowerShell cmdlets xelu86 alalve 06/21/2022 article Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 Author: Justin Turner, Senior Support Escalation Engineer with the Windows group [!NOTE] This content is written by a Microsoft customer support engineer, and is intended for experienced administrators and systems architects who are looking for deeper technical explanations of
features and solutions in Windows Server 2012 R2 than topics on TechNet usually provide. However, it has not undergone the same editing passes, so some of the language may seem less polished than what is typically found on TechNet. OverviewThe ADCSAdministration Windows PowerShell module was introduced in Window Server 2012. Two new cmdlets were added to this module in Window Server 2012 R2 to support the Backup and Restore of a CA.
Backup-CARoleServiceADCSAdministration Cmdlet: Backup-CARoleService
-Password <Secure String>If the -Password parameter is used, the supplied password must be a secure string. Use the Read-Host cmdlet to launch an interactive prompt for secure password entry, or use the ConvertTo-SecureString cmdlet to specify the password in-line. Review the following examples Specifying a secure string for the Password parameter using Read-Host Backup-CARoleService c:\adcsbackup4 -Password (Read-Host -prompt "Password:" -AsSecureString) Specifying a secure string for the Password parameter using ConvertTo-SecureString Backup-CARoleService c:\adcsbackup5 -Password (ConvertTo-SecureString "Pa55w0rd!" -AsPlainText -Force) Restore-CARoleServiceADCSAdministration Cmdlet: Restore-CARoleService
IssuesA non-password protected backup is taken if the ConvertTo-SecureString function fails while using the Backup-CARoleService with the -Password parameter. Common errors
Additional ResourcesActive Directory Certificate Services Migration Guide Backing up a CA database and private key Restoring the CA database and configuration on the destination server Try This: Backup the CA in your lab using Windows PowerShell
Which option will allow private keys to be locked away and then restored if the user's private key is lost?By using key archival, private keys can be locked away and restored if the user's private key is lost.
What tool can a user use to request certificates that are not configured for autoenrollment?Users can request certificates that aren't configured for autoenrollment by using the Certificates snap-in.
Which acronym best describes a document that describes how a CA issues certificate?Certificate practice statement (CPS) A document describing how a CA issues certificates containing the CA identity, security practices used to maintain CA integrity, types of certificates issued, the renewal policy, and so forth.
Which type of cryptography provides the most security?The Advanced Encryption Standard, AES, is a symmetric encryption algorithm and one of the most secure. The United States Government use it to protect classified information, and many software and hardware products use it as well.
|