question

BobDeVivo-1081 avatar image
0 Votes"
BobDeVivo-1081 asked DaisyZhou-MSFT answered

Add-KdsRootKey -EffectiveTime

I'm curious about the difference between these two commands:

  • Add-KdsRootKey -EffectiveImmediately

  • Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))

Are they equivalent? According to the documentation here,

Using Add-KdsRootKey -EffectiveImmediately will add a root key to the target DC which will be used by the KDS service immediately.

However, the same page says that

To create the KDS root key in a test environment for immediate effectiveness, use Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))

The latter page seems to conflict with the documentation here, which states the the -EffectiveTime option:

specifies the date on which the newly generated root key takes effect. If this parameter is not specified, the default date set is 10 days after the current date.

Is it 10 days or 10 hours?



windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered BobDeVivo-1081 commented

Hello @BobDeVivo-1081,

Thank you for posting here.

The two commands are different.

1.Add-KdsRootKey -EffectiveImmediately ==> will add a root key to the target DC which will be used by the KDS service immediately.

2.Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))==> It takes effect before 10 hours.

It takes effect before 10 hours, or you can set it to take effect after 10 hours. You can set the time according to your needs.

For example:
78953-time1.png


3.Add-KdsRootKey -EffectiveTime 03/06/2013==> It means the start time of this day 03/06/2013.

For example:

78985-time2.png

Hope the information baove is helpful.

Should you have any question or concern, please feel free to let us know.



Best Regards,
Daisy Zhou



time1.png (20.2 KiB)
time2.png (14.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm afraid I still don't understand. If you run the command Add-KdsRootKey without any parameters, it will take effect in 10 hours. Therefore, if you run

Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))

It will take effect immediately, correct?

0 Votes 0 ·
DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @BobDeVivo-1081,

From the link you provided, it did not say it will take effect in 10 hours.

82294-1111.png




Best Regards,
Daisy Zhou



1111.png (18.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.