HelpCache/PS_DAServer_v1.0.0.cdxml-help.xml
<?xml version = "1.0" encoding = "utf-8" ?>
<helpItems schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-DAServer</command:name><maml:description><maml:para>Displays the properties of the DirectAccess (DA) server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>DAServer</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-DAServer cmdlet displays the properties of the DirectAccess (DA) server.</maml:para><maml:para>The output displayed consists of the following.</maml:para><maml:para>Global Configuration: These properties are applicable to the entire DA deployment. -- DA installation configuration: full install or only manage-out. -- Internal IPv6 prefix. -- Authentication type. -- IPsec root certificate: The certificate is always configured separately on every server, although the same certificate issued by same root is present on all DA servers. -- Intermediate root certificate usage: enabled or disabled. -- Computer certificate authentication: enabled or disabled. -- DA server GPO name. -- Health check: enabled or disabled. </maml:para><maml:para>For the following properties either the server-level or cluster level, if load balancing has been deployed, configuration is returned. If multi-site is deployed, then this configuration is applicable at the site-level and configuration for the specified site is displayed. -- Client IPv6 prefix. -- Teredo State. -- Whether NAT is enabled. -- Does DA server have a single network adapter or two network adapters. </maml:para><maml:para>The following are pure server-level properties that are returned. In a multi-site deployment if both the EntryPointName and ComputerName parameters are specified, but the ComputerName parameter value does not belong to that entry point name, then no values are returned for these properties. However, if only the EntryPointName parameter is specified or the ComputerName parameter value is also specified and belongs to the specified entry point name, then the configuration is retrieved from the server on which the cmdlet is run as follows. -- Internet interface. -- Internal interface. -- SSL certificate. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-DAServer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="2" aliases=""><maml:name>EntrypointName</maml:name><maml:description><maml:para>Specifies the identity of a site in a multi-site deployment and when specified indicates that the configuration of the DA server at that site should be retrieved. If this parameter is not specified in a multi-site deployment then the entry point to which the server on which this cmdlet is run is used. The server could also be represented by using the ComputerName parameter. If both this parameter and ComputerName parameter are specified and the computer name does not belong to the site represented by this parameter then this parameter takes precedence and the configuration is returned for it. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AsJob</maml:name><maml:description><maml:para>Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the <maml:navigationLink><maml:linkText>Receive-Job</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information about Windows PowerShell® background jobs, see <maml:navigationLink><maml:linkText>about_Jobs</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CimSession</maml:name><maml:description><maml:para>Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a <maml:navigationLink><maml:linkText>New-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Get-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. The default is the current session on the local computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CimSession[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the IPv4 or IPv6 address, or host name, of the computer on which the DA server computer specific tasks should be run.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ThrottleLimit</maml:name><maml:description><maml:para>Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AsJob</maml:name><maml:description><maml:para>Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the <maml:navigationLink><maml:linkText>Receive-Job</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information about Windows PowerShell® background jobs, see <maml:navigationLink><maml:linkText>about_Jobs</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CimSession</maml:name><maml:description><maml:para>Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a <maml:navigationLink><maml:linkText>New-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Get-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. The default is the current session on the local computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CimSession[]</command:parameterValue><dev:type><maml:name>CimSession[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the IPv4 or IPv6 address, or host name, of the computer on which the DA server computer specific tasks should be run.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="2" aliases=""><maml:name>EntrypointName</maml:name><maml:description><maml:para>Specifies the identity of a site in a multi-site deployment and when specified indicates that the configuration of the DA server at that site should be retrieved. If this parameter is not specified in a multi-site deployment then the entry point to which the server on which this cmdlet is run is used. The server could also be represented by using the ComputerName parameter. If both this parameter and ComputerName parameter are specified and the computer name does not belong to the site represented by this parameter then this parameter takes precedence and the configuration is returned for it. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ThrottleLimit</maml:name><maml:description><maml:para>Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.Management.Infrastructure.CimInstance#MSFT_DAServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object. The output object contains the following properties: -- Type of DA installation: full or managed. -- Authentication type. -- Internal IPv6 prefix. -- Client IPHTTPS IPv6 prefix. -- Usage of computer certificate authorization for 1st tunnel: Enabled or Disabled. -- IPsec root certificate. -- Whether the IPsec root certificate is an intermediate root certificate. -- Status of Teredo: Enabled or Disabled. -- Whether the DA server is deployed behind NAT. -- Whether the configuration in which DA is deployed is a single or double network adapter. -- Name of the DA server GPO. -- Status of the health check. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-DAServer DAInstallType : FullInstall InternetInterface : Private Internet InternalInterface : Private Corpnet ConnectToAddress : 192.168.0.2 SslCertificate : [Subject] CN=192.168.0.2 [Issuer] CN=192.168.0.2 [Serial Number] 44442E555EE4CC999F9C4BB8E33AAAAA [Not Before] 23-01-2012 03:21:52 [Not After] 22-01-2017 19:31:51 [Thumbprint] D9BB718F6F1502967F5B3E2F59DEE9F00B9C2F5A GpoName : contoso.com\DirectAccess Server Settings InternalIPv6Prefix : 2002:836B:1:1::/64 ClientIPv6Prefix : 2002:836B:1:1000::/64 UserAuthentication : UserPasswd ComputerCertAuthentication : Disabled IPsecRootCertificate : IntermediateRootCertificate : False TeredoState : Disabled IsSingleNic : False IsNatDeployed : False HealthCheck : Disabled </dev:code><dev:remarks><maml:para>This example displays the properties of the local DA server.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289524</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-DAServer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RemoteAccess</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-DAServer</command:name><maml:description><maml:para>Sets the properties specific to the DirectAccess (DA) server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>DAServer</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-DAServer cmdlet sets the properties specific to the DirectAccess (DA) server.</maml:para><maml:para>The DA server properties that this cmdlet configures are of the following types. -- Properties which are applicable globally to the entire DA deployment. -- Properties which are applicable per-server, or per-cluster in a load balancing scenario, or per-site such as in a multi-site deployment. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-DAServer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AsJob</maml:name><maml:description><maml:para>Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the <maml:navigationLink><maml:linkText>Receive-Job</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information about Windows PowerShell® background jobs, see <maml:navigationLink><maml:linkText>about_Jobs</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Session"><maml:name>CimSession</maml:name><maml:description><maml:para>Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a <maml:navigationLink><maml:linkText>New-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Get-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. The default is the current session on the local computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CimSession[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ClientIPv6Prefix</maml:name><maml:description><maml:para>Specifies the prefix from which IPv6 addresses are assigned to the connecting clients in case of IP-HTTPS. The length should be 64 bits. In the case of a load balancing scenario the prefix length should be 59 bits. The client IPv6 prefix configuration is applicable per-server or per-site as in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the IPv4 or IPv6 address, or host name, of the computer on which the DA server computer specific tasks should be run.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ConnectToAddress</maml:name><maml:description><maml:para>Specifies the DA server or NAT public, if DA server is deployed behind a NAT, address to which clients connect. Specified as host name or IPv4 address. When the ConnectTo address is changed, the SSL certificate is also changed appropriately. Following are the rules associated with assigning a proper certificate. -- This cmdlet looks for an appropriate SSL certificate on the computer. -- If an appropriate SSL certificate is not found, then a self-signed certificate is created. -- In the case of external load balancer configuration, if one or more computers are down, then the cmdlet bails out and the ConnectTo Address is not changed. -- In a load balancing scenario, if all computers are up and an appropriate SSL certificate is found only on some computers, then the cmdlet fails the operation of changing the ConnectTo address. If none of the computers has a proper SSL certificate, then a self-signed certificate is created on all computers and the ConnectTo change goes through. If one or more computers are down, then the certificate is updated only on the other computers. But the DA server GPO is updated to ensure that when these computers come up load balancing is in stopped state on them due to a certificate mismatch. For the certificate change, and as a result the ConnectTo address change, to take effect the administrator needs to install a similar certificate with the same name on the computers and re-run this cmdlet. If a self-signed certificate is being used, then the user just needs to re-run the cmdet and it automatically creates a self-signed certificate. -- In a multi-site scenario, this cmdlet does not create a self-signed certificate and always expects a proper certificate to be present on the computer itself. The ConnectTo address is applicable per-DA server or per-site, in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EntrypointName</maml:name><maml:description><maml:para>Specifies the identity of a site in a multi-site deployment and indicates that the DA server properties should be configured for that site. Only the following properties are applicable at the site level. The rest of the properties are global and therefore this parameter has no meaning to them. -- ClientIPv6Prefix. -- ConnectToAddress. -- TeredoState. If this parameter is not specified in a multi-site deployment, then the entry point name to which the server on which the cmdlet is run is used. The server could also be represented by using the ComputerName parameter. If both this parameter and ComputerName parameter are specified and the computer name does not belong to the site represented by the entry point name, then the entry point takes precedence. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces the command to run without asking for user confirmation. When suppressed the cmdlet assumes user confirmation for the following conditions. -- ConnectTo change would result in a change in the SSL certificate. -- During SSL certificate change if an appropriate certificate is not found then a self-signed certificate is created. -- Changing DA installation type. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HealthCheck</maml:name><maml:description><maml:para>Specifies that health checks for DA clients are enabled or disabled. The acceptable values for this parameter are: -- Enabled. -- Disabled. The following are important behavioral aspects for health checks: -- In order to enable health checks, computer certificate authentication should already be enabled, such as an IPsec root certificate should be deployed. -- On disabling health checks, if neither of the following is already enabled, then computer certificate authentication is automatically disabled: ---- Multi-site, such as multi-site is not deployed or enabled. ---- User authentication is not two-factor. ---- Support for down-level clients is not enabled. -- This parmater is a global configuration that applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IntermediateRootCertificate</maml:name><maml:description><maml:para>Specifies that the IPsec root certificate specified is an intermediate root certificate.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InternalIPv6Prefix</maml:name><maml:description><maml:para>Represents the native IPv6 prefixes used in the internal network, in corporate network. The list of prefixes specified always overwrites the existing list of prefixes. The list of internal IPv6 prefixes is a global configuration and applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>IPsecRootCertificate</maml:name><maml:description><maml:para>Specifies the root certificate to which DA should chain. The acceptable values for this parameter are: -- Change the IPsec root certificate. -- Enable PKI if there is no IPsec root certificate already configured. However, this cmdlet configures the certificate only on the server on which this cmdlet finally runs.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TeredoState</maml:name><maml:description><maml:para>Configures the state of Teredo. The acceptable values for this parameter are: -- Enabled. -- Disabled. The following are the behavioral aspects of Teredo State. -- Teredo can be enabled only if two consecutive Public IPv4 addresses are present on the Internet interface of the server. -- In a load balancing scenario. ---- If a 3rd party load balancer is being used and Teredo has to be enabled, then the load balancer should have two consecutive IP addresses. Additionally each DA server that is part of the Load balancer must have 2 consecutive public IPv4 addresses. ---- Teredo can be enabled on a cluster if the cluster has VIPs that are two consecutive public IPv4 addresses. If such IPs are not found, then the cluster should be destroyed first and two consecutive IPs should be configured on the DA server. -- The Teredo configuration is applicable per-computer or per-site, in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ThrottleLimit</maml:name><maml:description><maml:para>Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAuthentication</maml:name><maml:description><maml:para>Sets the type of authentication that is used to authenticate a DA user. The acceptable values for this parameter are: -- TwoFactor. -- UserPasswd. Here two-factor refers to certificate authentication, OTP authentication, or smartcard based authentication. Note: To setup OTP authentication enabling two-factor alone is not enough. It needs to be configured separately using the DAOtpAuth cmdlets. User authentication is a global configuration that applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-DAServer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AsJob</maml:name><maml:description><maml:para>Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the <maml:navigationLink><maml:linkText>Receive-Job</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information about Windows PowerShell® background jobs, see <maml:navigationLink><maml:linkText>about_Jobs</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Session"><maml:name>CimSession</maml:name><maml:description><maml:para>Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a <maml:navigationLink><maml:linkText>New-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Get-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. The default is the current session on the local computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CimSession[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the IPv4 or IPv6 address, or host name, of the computer on which the DA server computer specific tasks should be run.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces the command to run without asking for user confirmation. When suppressed the cmdlet assumes user confirmation for the following conditions. -- ConnectTo change would result in a change in the SSL certificate. -- During SSL certificate change if an appropriate certificate is not found then a self-signed certificate is created. -- Changing DA installation type. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ThrottleLimit</maml:name><maml:description><maml:para>Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DAInstallType</maml:name><maml:description><maml:para>Changes the configuration in which DA has been deployed. The acceptable values for this parameter are: -- FullInstall. -- ManageOut. This parameter is a global configuration and applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-DAServer</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AsJob</maml:name><maml:description><maml:para>Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the <maml:navigationLink><maml:linkText>Receive-Job</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information about Windows PowerShell® background jobs, see <maml:navigationLink><maml:linkText>about_Jobs</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Session"><maml:name>CimSession</maml:name><maml:description><maml:para>Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a <maml:navigationLink><maml:linkText>New-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Get-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. The default is the current session on the local computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CimSession[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ClientIPv6Prefix</maml:name><maml:description><maml:para>Specifies the prefix from which IPv6 addresses are assigned to the connecting clients in case of IP-HTTPS. The length should be 64 bits. In the case of a load balancing scenario the prefix length should be 59 bits. The client IPv6 prefix configuration is applicable per-server or per-site as in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the IPv4 or IPv6 address, or host name, of the computer on which the DA server computer specific tasks should be run.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ConnectToAddress</maml:name><maml:description><maml:para>Specifies the DA server or NAT public, if DA server is deployed behind a NAT, address to which clients connect. Specified as host name or IPv4 address. When the ConnectTo address is changed, the SSL certificate is also changed appropriately. Following are the rules associated with assigning a proper certificate. -- This cmdlet looks for an appropriate SSL certificate on the computer. -- If an appropriate SSL certificate is not found, then a self-signed certificate is created. -- In the case of external load balancer configuration, if one or more computers are down, then the cmdlet bails out and the ConnectTo Address is not changed. -- In a load balancing scenario, if all computers are up and an appropriate SSL certificate is found only on some computers, then the cmdlet fails the operation of changing the ConnectTo address. If none of the computers has a proper SSL certificate, then a self-signed certificate is created on all computers and the ConnectTo change goes through. If one or more computers are down, then the certificate is updated only on the other computers. But the DA server GPO is updated to ensure that when these computers come up load balancing is in stopped state on them due to a certificate mismatch. For the certificate change, and as a result the ConnectTo address change, to take effect the administrator needs to install a similar certificate with the same name on the computers and re-run this cmdlet. If a self-signed certificate is being used, then the user just needs to re-run the cmdet and it automatically creates a self-signed certificate. -- In a multi-site scenario, this cmdlet does not create a self-signed certificate and always expects a proper certificate to be present on the computer itself. The ConnectTo address is applicable per-DA server or per-site, in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces the command to run without asking for user confirmation. When suppressed the cmdlet assumes user confirmation for the following conditions. -- ConnectTo change would result in a change in the SSL certificate. -- During SSL certificate change if an appropriate certificate is not found then a self-signed certificate is created. -- Changing DA installation type. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InternalIPv6Prefix</maml:name><maml:description><maml:para>Represents the native IPv6 prefixes used in the internal network, in corporate network. The list of prefixes specified always overwrites the existing list of prefixes. The list of internal IPv6 prefixes is a global configuration and applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TeredoState</maml:name><maml:description><maml:para>Configures the state of Teredo. The acceptable values for this parameter are: -- Enabled. -- Disabled. The following are the behavioral aspects of Teredo State. -- Teredo can be enabled only if two consecutive Public IPv4 addresses are present on the Internet interface of the server. -- In a load balancing scenario. ---- If a 3rd party load balancer is being used and Teredo has to be enabled, then the load balancer should have two consecutive IP addresses. Additionally each DA server that is part of the Load balancer must have 2 consecutive public IPv4 addresses. ---- Teredo can be enabled on a cluster if the cluster has VIPs that are two consecutive public IPv4 addresses. If such IPs are not found, then the cluster should be destroyed first and two consecutive IPs should be configured on the DA server. -- The Teredo configuration is applicable per-computer or per-site, in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ThrottleLimit</maml:name><maml:description><maml:para>Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisableComputerCertAuthentication</maml:name><maml:description><maml:para>Specifies that computer certificate authentication is to be disabled. Disabling this setting disables PKI for the DA deployment. Following are conditions for computer certificate authentication. -- Computer certificate authentication cannot be disabled if health checks are enabled using the HealthCheck parameter or Two-factor authentication is used for user authentication or when multi-site deployment is enabled or when Windows® 7 client support is enabled. -- User authentication configuration is automatically changed to UserPasswd when computer certificate authentication is disabled. Computer certificate authentication is re-enabled by configuring an IPsec root certificate using the IPsecRootCertificate parameter. Disabling of computer certificate authentication is a global configuration that applies to the entire DA deployment. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AsJob</maml:name><maml:description><maml:para>Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the <maml:navigationLink><maml:linkText>Receive-Job</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. For more information about Windows PowerShell® background jobs, see <maml:navigationLink><maml:linkText>about_Jobs</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="Session"><maml:name>CimSession</maml:name><maml:description><maml:para>Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a <maml:navigationLink><maml:linkText>New-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Get-CimSession</maml:linkText><maml:uri></maml:uri></maml:navigationLink> cmdlet. The default is the current session on the local computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CimSession[]</command:parameterValue><dev:type><maml:name>CimSession[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ClientIPv6Prefix</maml:name><maml:description><maml:para>Specifies the prefix from which IPv6 addresses are assigned to the connecting clients in case of IP-HTTPS. The length should be 64 bits. In the case of a load balancing scenario the prefix length should be 59 bits. The client IPv6 prefix configuration is applicable per-server or per-site as in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the IPv4 or IPv6 address, or host name, of the computer on which the DA server computer specific tasks should be run.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>ConnectToAddress</maml:name><maml:description><maml:para>Specifies the DA server or NAT public, if DA server is deployed behind a NAT, address to which clients connect. Specified as host name or IPv4 address. When the ConnectTo address is changed, the SSL certificate is also changed appropriately. Following are the rules associated with assigning a proper certificate. -- This cmdlet looks for an appropriate SSL certificate on the computer. -- If an appropriate SSL certificate is not found, then a self-signed certificate is created. -- In the case of external load balancer configuration, if one or more computers are down, then the cmdlet bails out and the ConnectTo Address is not changed. -- In a load balancing scenario, if all computers are up and an appropriate SSL certificate is found only on some computers, then the cmdlet fails the operation of changing the ConnectTo address. If none of the computers has a proper SSL certificate, then a self-signed certificate is created on all computers and the ConnectTo change goes through. If one or more computers are down, then the certificate is updated only on the other computers. But the DA server GPO is updated to ensure that when these computers come up load balancing is in stopped state on them due to a certificate mismatch. For the certificate change, and as a result the ConnectTo address change, to take effect the administrator needs to install a similar certificate with the same name on the computers and re-run this cmdlet. If a self-signed certificate is being used, then the user just needs to re-run the cmdet and it automatically creates a self-signed certificate. -- In a multi-site scenario, this cmdlet does not create a self-signed certificate and always expects a proper certificate to be present on the computer itself. The ConnectTo address is applicable per-DA server or per-site, in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>DAInstallType</maml:name><maml:description><maml:para>Changes the configuration in which DA has been deployed. The acceptable values for this parameter are: -- FullInstall. -- ManageOut. This parameter is a global configuration and applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>DisableComputerCertAuthentication</maml:name><maml:description><maml:para>Specifies that computer certificate authentication is to be disabled. Disabling this setting disables PKI for the DA deployment. Following are conditions for computer certificate authentication. -- Computer certificate authentication cannot be disabled if health checks are enabled using the HealthCheck parameter or Two-factor authentication is used for user authentication or when multi-site deployment is enabled or when Windows® 7 client support is enabled. -- User authentication configuration is automatically changed to UserPasswd when computer certificate authentication is disabled. Computer certificate authentication is re-enabled by configuring an IPsec root certificate using the IPsecRootCertificate parameter. Disabling of computer certificate authentication is a global configuration that applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>EntrypointName</maml:name><maml:description><maml:para>Specifies the identity of a site in a multi-site deployment and indicates that the DA server properties should be configured for that site. Only the following properties are applicable at the site level. The rest of the properties are global and therefore this parameter has no meaning to them. -- ClientIPv6Prefix. -- ConnectToAddress. -- TeredoState. If this parameter is not specified in a multi-site deployment, then the entry point name to which the server on which the cmdlet is run is used. The server could also be represented by using the ComputerName parameter. If both this parameter and ComputerName parameter are specified and the computer name does not belong to the site represented by the entry point name, then the entry point takes precedence. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Forces the command to run without asking for user confirmation. When suppressed the cmdlet assumes user confirmation for the following conditions. -- ConnectTo change would result in a change in the SSL certificate. -- During SSL certificate change if an appropriate certificate is not found then a self-signed certificate is created. -- Changing DA installation type. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>HealthCheck</maml:name><maml:description><maml:para>Specifies that health checks for DA clients are enabled or disabled. The acceptable values for this parameter are: -- Enabled. -- Disabled. The following are important behavioral aspects for health checks: -- In order to enable health checks, computer certificate authentication should already be enabled, such as an IPsec root certificate should be deployed. -- On disabling health checks, if neither of the following is already enabled, then computer certificate authentication is automatically disabled: ---- Multi-site, such as multi-site is not deployed or enabled. ---- User authentication is not two-factor. ---- Support for down-level clients is not enabled. -- This parmater is a global configuration that applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>IPsecRootCertificate</maml:name><maml:description><maml:para>Specifies the root certificate to which DA should chain. The acceptable values for this parameter are: -- Change the IPsec root certificate. -- Enable PKI if there is no IPsec root certificate already configured. However, this cmdlet configures the certificate only on the server on which this cmdlet finally runs.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IntermediateRootCertificate</maml:name><maml:description><maml:para>Specifies that the IPsec root certificate specified is an intermediate root certificate.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>InternalIPv6Prefix</maml:name><maml:description><maml:para>Represents the native IPv6 prefixes used in the internal network, in corporate network. The list of prefixes specified always overwrites the existing list of prefixes. The list of internal IPv6 prefixes is a global configuration and applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>PassThru</maml:name><maml:description><maml:para>Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>TeredoState</maml:name><maml:description><maml:para>Configures the state of Teredo. The acceptable values for this parameter are: -- Enabled. -- Disabled. The following are the behavioral aspects of Teredo State. -- Teredo can be enabled only if two consecutive Public IPv4 addresses are present on the Internet interface of the server. -- In a load balancing scenario. ---- If a 3rd party load balancer is being used and Teredo has to be enabled, then the load balancer should have two consecutive IP addresses. Additionally each DA server that is part of the Load balancer must have 2 consecutive public IPv4 addresses. ---- Teredo can be enabled on a cluster if the cluster has VIPs that are two consecutive public IPv4 addresses. If such IPs are not found, then the cluster should be destroyed first and two consecutive IPs should be configured on the DA server. -- The Teredo configuration is applicable per-computer or per-site, in the case of multi-site deployments. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ThrottleLimit</maml:name><maml:description><maml:para>Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>UserAuthentication</maml:name><maml:description><maml:para>Sets the type of authentication that is used to authenticate a DA user. The acceptable values for this parameter are: -- TwoFactor. -- UserPasswd. Here two-factor refers to certificate authentication, OTP authentication, or smartcard based authentication. Note: To setup OTP authentication enabling two-factor alone is not enough. It needs to be configured separately using the DAOtpAuth cmdlets. User authentication is a global configuration that applies to the entire DA deployment. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.Management.Infrastructure.CimInstance#DAServer</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object. The output object contains the following properties: -- Type of Direct Access installation: full or managed. -- Authentication type. -- Internal IPv6 prefix. -- Client IPHTTPS IPv6 prefix. -- Usage of computer certificate authorization for 1st tunnel: Enabled or Disabled. -- IPsec root certificate. -- Whether the IPsec root certificate is an intermediate root certificate. -- Status of Teredo: Enabled or Disabled. -- Whether the DA server is deployed behind NAT. -- Whether the configuration in which DA is deployed is a single or double network adapter. -- Name of the DA server GPO. -- Status of the health check. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code> PS C:\>Set-DAServer -DAInstallType FullInstall -PassThru Confirm If the DirectAccess Configuration is changed to FullInstall, DirectAccess client computers will be able to connect to internal network via DirectAccess. Do you want to continue to change DAInstallType? This cmdlet prompts user to confirm if they really want to change DA configuration. On confirming the cmdlet completes the underlying modifications. PS C:\> [Y] Yes [N] No [S]Suspend [?] Help (default is "Y"): Y DAInstallType : FullInstall InternetInterface : internet InternalInterface : datest ConnectToAddress : 131.107.0.2 SslCertificate : [Subject] CN=131.107.0.2 [Issuer] CN=131.107.0.2 [Serial Number] 65F63C49B30F669044653F3114390653 [Not Before] 11/29/2011 9:45:23 PM [Not After] 11/29/2016 1:55:22 PM [Thumbprint] 0A37103C3038781228FAC19D8725FAD395558FBF GpoName : corp.contoso.com\DirectAccess Server Settings InternalIPv6Prefix : 2006:2005:1::/48 ClientIPv6Prefix : 2006:2005:1:1000::/64 UserAuthentication : UserPasswd ComputerCertAuthentication : Disabled IPsecRootCertificate : IntermediateRootCertificate : TeredoState : Disabled IsSingleNic : False IsNatDeployed : False HealthCheck : Disabled </dev:code><dev:remarks><maml:para>This example, given a DA installation in a ManageOut mode, changes the DA configuration to FullInstall mode. This allows remote clients to connect to resources in the corporate network over the DA connection.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 2</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code> PS C:\>$certs = Get-ChildItem –Path Cert:\LocalMachine\Root PS C:\>$IPSecRootCert = $certs[13] PS C:\>$IPSecRootCert Directory: Microsoft.PowerShell.Security\Certificate::localmachine\root Thumbprint Subject ---------- ------- 65505D9CDD106DCC6D4C88D3D5FA0EE26B6A3C4F CN=corp-contoso-dc1-ca PS C:\>Set-DAServer -IPsecRootCertificate $IPsecRootCert -UserAuthentication "TwoFactor" -PassThru DAInstallType : FullInstall InternetInterface : internet InternalInterface : datest ConnectToAddress : 131.107.0.2 SslCertificate : [Subject] CN=131.107.0.2 [Issuer] CN=131.107.0.2 [Serial Number] 65F63C49B30F669044653F3114390653 [Not Before] 11/29/2011 9:45:23 PM [Not After] 11/29/2016 1:55:22 PM [Thumbprint] 0A37103C3038781228FAC19D8725FAD395558FBF GpoName : corp.contoso.com\DirectAccess Server Settings InternalIPv6Prefix : 2006:2005:1::/48 ClientIPv6Prefix : 2006:2005:1:1000::/64 UserAuthentication : TwoFactor ComputerCertAuthentication : Enabled IPsecRootCertificate : [Subject] CN=corp-contoso-dc1-ca [Issuer] CN=corp-contoso-dc1-ca [Serial Number] 4022E742A82AECA643E4E786DFE4CB6F [Not Before] 10/13/2011 8:03:11 AM [Not After] 10/13/2016 8:13:08 AM [Thumbprint] 65505D9CDD106DCC6D4C88D3D5FA0EE26B6A3C4F IntermediateRootCertificate : False TeredoState : Disabled IsSingleNic : False IsNatDeployed : False HealthCheck : Disabled </dev:code><dev:remarks><maml:para>This example enables Two-factor user authentication which enables users to use certificates for DA. There are multiple steps involved in enabling Two-factor authentication. By default, PKI is disabled during DA installation and will need to be enabled. This is achieved by provisioning an IPsec root certificate on the DA server using this cmdlet. The enterprise needs to have a certification authority (CA) which will provision this certificate for all domain joint computers. The first two steps in this example list out the certificates present in the root certificate store of the server computer and pick an appropriate one. In this case it happens to be the 13th certificate in the list. Using this cmdlet, the certificate is then assigned as the IPsec root certificate to enable PKI and the UserAuthentication is specified to be two-factor.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 3</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-DAServer -TeredoState Enabled </dev:code><dev:remarks><maml:para>This example enables clients to connect using Teredo. By default, Teredo is disabled unless two consecutive public IPv4 addresses are found on the internet facing interface of the server while installing DA. Before enabling Teredo, ensure that two consecutive public IP addresses are present.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 4</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>On running the cmdlet, the user is presented with a prompt to confirm the change to the ConnecToAddress parameter. PS C:\>Set-DAServer -ConnectToAddress daserverNew.com Changing the ConnectTo address will change the certificate used for IPHttps and VPN. If a load balanced cluster is deployed, change will be deployed to all servers in the cluster. Do you want to continue? On accepting this prompt, the cmdlet tries to locate a certificate for the new connectTo address. In this case it is unable to locate one and tries to create a self-signed certificate. PS C:\> [Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y Certificate IPHttps cannot be located on the Remote Access server. Do you want DirectAccess to create and use a self-signed certificate? Before creating one it asks for user confirmation through the second prompt. PS C:\> [Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y </dev:code><dev:remarks><maml:para>This example changes the connectTo address of the DA Server. However, since the same address is used in IPHttps and VPN certificates, applying this changes the certificates used for both these technologies.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289768</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ChildItem</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-DAServer</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RemoteAccess</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> </helpItems> |