I'm curious about the difference between these two commands:
Add-KdsRootKey -EffectiveImmediatelyAdd-KdsRootKey -EffectiveTime ((get-date).addhours(-10))
Are they equivalent? According to the documentation here,
Using
Add-KdsRootKey -EffectiveImmediatelywill add a root key to the target DC which will be used by the KDS service immediately.
However, the same page says that
To create the KDS root key in a test environment for immediate effectiveness, use
Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))
The latter page seems to conflict with the documentation here, which states the the -EffectiveTime option:
specifies the date on which the newly generated root key takes effect. If this parameter is not specified, the default date set is 10 days after the current date.
Is it 10 days or 10 hours?


