Resource Type: dsc_xadkdskey

Defined in:
lib/puppet/type/dsc_xadkdskey.rb

Overview

The DSC xADKDSKey resource type. Automatically generated from version 3.0.0.0.

Properties

  • dsc_allowunsafeeffectivetime

    This option will allow you to create a KDS root key if EffectiveTime is set in the past. This may cause issues if you are creating a Group Managed Service Account right after you create the KDS Root Key. In order to get around this, you must create the KDS Root Key using a date in the past. This should be used at your own risk and should only be used in lab environments.

  • dsc_creationtime

    Specifies the creation date and time of the KDS root key, for informational purposes.

  • dsc_distinguishedname

    Specifies the Distinguished Name (DN) of the KDS root key. The KDS Root Key is stored in ‘CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services,CN=Configuration’ at the Forest level. This is also why replication needs 10 hours to occur before using the KDS Root Key, as a safety measure.

  • dsc_ensure

    Specifies whether this KDS Root Key should be present or absent.

  • dsc_forceremove

    This option will allow you to remove a KDS root key if there is only one key left. It should not break your Group Managed Service Accounts (gMSAs), but if the gMSA password expires and it needs to request a new password, it will not be able to generate a new password until a new KDS Root Key is installed and ready for use. Because of this, the last KDS Root Key will not be removed unless this option is specified.

  • dsc_keyid

    Specifies the KeyID of the KDS root key. This is the Common Name (CN) within Active Directory and is required to build the Distinguished Name.

Parameters

  • dsc_effectivetime (namevar)

    Specifies the effective time from which a KDS root key can be used. There is a 10 hour minimum from the creation date to allow Active Directory to properly replicate across all domain controllers. For this reason, the date must be set in the future for creation. While this parameter accepts a string, it will be converted into a DateTime object. The conversion will also try to take cultural settings into account. Example: ‘05/01/1999 13:00’ using the default or ‘en-US’ culture would be May 1st, but using the ‘de-DE’ culture it would be the 5th of January. The culture is automatically pulled from the operating system and can be checked using ‘Get-Culture’.

  • dsc_psdscrunascredential
  • name (namevar)

    Description of the purpose for this resource declaration.

  • validation_mode (defaults to: property)

    Whether to check if the resource is in the desired state by property (default) or using Invoke-DscResource in Test mode (resource).
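
The culture dependence and the 10 hour minimum described under dsc_effectivetime can be checked on a node before the string goes into a manifest. The following is an added example, not code from the module: Test-KdsEffectiveTime is a hypothetical helper, the inputs and reference time are constructed, and it assumes the conversion behaves like [datetime]::Parse under the operating system culture.

```powershell
# Added example (not part of the xADKDSKey module).
# Assumption: the EffectiveTime string is converted the way [datetime]::Parse
# converts it under the node's OS culture (the one Get-Culture reports).
function Test-KdsEffectiveTime {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]   $EffectiveTime,
        [string]   $CultureName  = (Get-Culture).Name,
        [datetime] $Now          = (Get-Date),
        [int]      $MinimumHours = 10   # replication window from the description
    )

    $culture = [System.Globalization.CultureInfo]::GetCultureInfo($CultureName)
    $parsed  = [datetime]::Parse($EffectiveTime, $culture)

    [pscustomobject]@{
        Culture      = $CultureName
        Input        = $EffectiveTime
        ParsedAs     = $parsed.ToString('yyyy-MM-dd HH:mm')
        # A past value is only accepted with dsc_allowunsafeeffectivetime.
        InPast       = $parsed -lt $Now
        MeetsMinimum = $parsed -ge $Now.AddHours($MinimumHours)
    }
}

# Constructed reference time, so the comparison is repeatable.
$now = [datetime]::new(1999, 3, 1, 9, 0, 0)

# Constructed inputs: the ambiguous string from the description, and an
# ISO 8601 string that [datetime]::Parse reads the same way in both cultures.
$inputs = '05/01/1999 13:00', '1999-05-01T13:00:00'

$report = foreach ($value in $inputs) {
    foreach ($name in 'en-US', 'de-DE') {
        Test-KdsEffectiveTime -EffectiveTime $value -CultureName $name -Now $now
    }
}
$report | Format-Table -AutoSize
```

Rows where the same Input yields a different ParsedAs per culture mark strings that should not be shared across nodes with different regional settings.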