Import-NAVEncryptionKey

Imports an encryption key from a file to a Business Central Server instance and database in SQL Server.

Syntax

Import-NAVEncryptionKey
      [[-ServerInstance] <String>]
      -ApplicationDatabaseServer <String>
      [-ApplicationDatabaseCredentials <PSCredential>]
      -ApplicationDatabaseName <String>
      [-KeyPath] <String>
      [-Password <SecureString>]
      [-Force]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

When using SQL Server authentication between the Business Central Server instance and database in SQL Server,Business Central encrypts passwords that are used by a Business Central Server instance to access to Business Central databases in SQL Server. This includes, for example, the Business Central Server service account credentials and the database credentials.

To encrypt and decrypt the passwords, an encryption key is used. Business Central uses a single encryption key per server instance. The encryption key must be installed on the computer where Business Central Server is installed and in the Business Central database.

In some cases, such as when upgrading or migrating a system from one set of hardware to another, you might need a copy of the encryption key that is used on one Business Central Server instance to use on another Business Central Server instance.

By first using the Export-NAVEncryptionKey cmdlet to export the encryption key from one Business Central Server instance to a file, you can then use the Import-NAVEncryptionKey to import the encryption key from the file to another Business Central Server instance. The Import-NAVEncryptionKey cmdlet enables you to specify a destination file for the encryption key and also specify a password that is used to protect the file, if any.

You cannot import an encryption key on the Business Central Server instance if an encryption key file already exists. You must first delete the encryption key from the computer where Business Central Server is installed. By default, encryption keys are stored in the C:\ProgramData\Microsoft\Business Central\130\Server\Keys folder.

Examples

EXAMPLE 1

Import-NAVEncryptionKey -ServerInstance BC -KeyPath "C:\Keys\nav.key" -ApplicationDatabaseServer MyNavSQLServer\MyNAV -ApplicationDatabaseName MyNavDB -Password (Get-Credential).Password

This example imports an encryption key from a password protected file that has the file path C:\Keys\nav.key to the Business Central Server instance that is called BC. The encryption key is imported to the MyNavDB database on the MyNavSQLServer\MyNAV server instance in SQL Server.

Parameters

-ApplicationDatabaseCredentials

Specifies the user name and password of the login account to use to access the application database in SQL Server by using SQL Server authentication

Type:PSCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ApplicationDatabaseName

Specifies the name of the Business Central database in SQL Server to which you want to import the encryption key. In a multitenant deployment, this is the application database, which contains a list of mounted tenants.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ApplicationDatabaseServer

Specifies the SQL Server name and instance, such as MyServer\MyInstance, that hosts the Business Central database in which you want to import the encryption key. In a multitenant deployment, this is the application database, which contains a list of mounted tenants.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before executing the command.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyPath

The full path to the file that contains the encryption key. The full path includes the drive, folders and file name.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Password

Specifies a password that protects the encryption key file that are importing.

Type:SecureString
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

A common PowerShell parameter that determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider. Learn more.

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServerInstance

Specifies the name of a Business Central Server instance, for example, BC or myinstance. You can specify either the full name of an instance, such as MicrosoftDynamicsNavServer$myinstance or the short name such as myinstance.

Type:String
Position:0
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.String

You can pipe the ServerInstance and KeyPath as strings to this cmdlet.

Outputs

None