DSCResources/MSFT_xADKDSKey/MSFT_xADKDSKey.schema.mof
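// DSC schema for the xADKDSKey resource: declares the properties used to ensure
// a KDS root key is present or absent. Per the property descriptions below,
// gMSA password generation depends on a usable KDS root key, so the two
// override switches (AllowUnsafeEffectiveTime, ForceRemove) are the
// security-relevant settings in this schema.
//
// Layout repairs in this listing: one qualifier/property per line, the
// DistinguishedName description rejoined onto a single line (it had been split
// inside the string literal), and the stray "|" after the class terminator
// dropped. Two description typos are fixed ("safey" -> "safety", and the
// unbalanced quote around the example date).
[ClassVersion("1.0.1.0"), FriendlyName("xADKDSKey")]
class MSFT_xADKDSKey : OMI_BaseResource
{
    // Key property: the effective time identifies the resource instance.
    // NOTE(review): the description says the string is parsed using the
    // operating system's culture, so the same literal can resolve to different
    // dates on nodes with different cultures. Prefer a value that reads the
    // same under every culture the configuration targets; confirm against the
    // resource's parsing code.
    [Key, Description("Specifies the Effective time when a KDS root key can be used. There is a 10 hour minimum from creation date to allow active directory to properly replicate across all domain controllers. For this reason, the date must be set in the future for creation. While this parameter accepts a string, it will be converted into a DateTime object. This will also try to take into account cultural settings. Example: '05/01/1999 13:00' using default or 'en-US' culture would be May 1st, but using 'de-DE' culture would be 5th of January. The culture is automatically pulled from the operating system and this can be checked using 'Get-Culture'")]
    String EffectiveTime;

    // Desired state; restricted to the two values listed in ValueMap/Values.
    [Write, Description("Specifies if this KDS Root Key should be present or absent"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}]
    String Ensure;

    // Opt-in override of the future-date requirement described on EffectiveTime.
    // It skips the replication safety margin, so the key may be treated as
    // usable before every domain controller has received it. The description
    // limits this to lab environments; leave it unset in production
    // configurations and flag any production use in review.
    [Write, Description("This option will allow you to create a KDS root key if EffectiveTime is set in the past. This may cause issues if you are creating a Group Managed Service Account right after you create the KDS Root Key. In order to get around this, you must create the KDS Root Key using a date in the past. This should be used at your own risk and should only be used in lab environments.")]
    Boolean AllowUnsafeEffectiveTime;

    // Opt-in override of the "never remove the last key" guard. Per the
    // description, once the last key is gone gMSAs cannot obtain a new password
    // until a replacement key is installed and ready for use. Treat this as an
    // availability risk for every service running under a gMSA.
    [Write, Description("This option will allow you to remove a KDS root key if there is only one key left. It should not break your Group Managed Service Accounts (gMSAs), but if the gMSA password expires and it needs to request a new password, it will not be able to generate a new password until a new KDS Root Key is installed and ready for use. Because of this, the last KDS Root Key will not be removed unless this option is specified")]
    Boolean ForceRemove;

    // Read-only (reported state). The description places the key in the
    // Configuration container at the forest level, so a change made through
    // this resource is not scoped to a single domain.
    [Read, Description("Specifies the Distinguished Name (DN) of the KDS root key. The KDS Root Key is stored in 'CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services,CN=Configuration' at the Forest level. This is also why replication needs 10 hours to occur before using the KDS Root Key as a safety measure.")]
    String DistinguishedName;

    // Read-only (reported state); informational per the description.
    [Read, Description("Specifies the Creation date and time of the KDS root key for informational purposes")]
    DateTime CreationTime;

    // Read-only (reported state); the CN component of DistinguishedName.
    [Read, Description("Specifies the KeyID of the KDS root key. This is the Common Name (CN) within Active Directory and is required to build the Distinguished Name")]
    String KeyId;
};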