Add-DnsServerSigningKey
DNS Cmdlet: Add-DnsServerSigningKey
Syntax:
Add-DnsServerSigningKey [-ZoneName] <String> [[-Type] <String>] [[-CryptoAlgorithm] <String>] [-ComputerName <String>] [[-KeyLength] <UInt32>] [-InitialRolloverOffset <TimeSpan>] [-DnsKeySignatureValidityPeriod <TimeSpan>] [-DSSignatureValidityPeriod <TimeSpan>] [-ZoneSignatureValidityPeriod <TimeSpan>] [-RolloverPeriod <TimeSpan>] [-ActiveKey <String>] [-StandbyKey <String>] [-NextKey <String>] [-KeyStorageProvider <String>] [-StoreKeysInAD <Boolean>] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-WhatIf] [-Confirm] [<CommonParameters>]
Parameters and Description:
| Parameters | Description |
|---|---|
| DSSignatureValidityPeriod (Type: TimeSpan) | Sets the time period for which the signatures that cover DS record sets are valid. |
| DnsKeySignatureValidityPeriod (Type: TimeSpan) | Sets the amount of time for which the signatures that cover DNSKEY record sets are valid. |
| ZoneSignatureValidityPeriod (Type: TimeSpan) | Denotes the time period for which the signatures that cover all other record sets are valid. |
| RolloverPeriod (Type: TimeSpan) | Represents the time period between scheduled key rollovers. |
| ActiveKey (Type: String) | Specifies the signing key pointer string for the KSK's active key. |
| StandbyKey (Type: String) | Specifies the signing key pointer string for the KSK's standby key. |
| StoreKeysInAD (Type: Boolean) | Specifies whether the keys are to be stored in Active Directory Domain Services (AD DS). This setting is valid only in AD-integrated zones where the vendor is Microsoft. |
To learn more about the Add-DnsServerSigningKey cmdlet, refer to this article.
Purpose of this cmdlet:
The Add-DnsServerSigningKey cmdlet lets you add a KSK (Key Signing Key) or ZSK (Zone Signing Key) to a DNS signed zone.
Example:
Add-DnsServerSigningKey -ZoneName "corp.abc.com" -Type "KeySigningKey" `
    -CryptoAlgorithm "RsaSha1NSec3" -KeyLength 2048 -PassThru -Verbose
The above command adds a KSK to the DNS signed zone corp.abc.com.
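The following added example (not from the original page or the vendor) adds both a KSK and a ZSK using the validity and rollover parameters from the table above, with -WhatIf as a dry run before committing. It assumes the DnsServer module on a Windows DNS server and an AD-integrated zone; the time spans are illustrative, and RsaSha256 is used here in place of the SHA-1 based algorithm in the example above.

```powershell
# Added example: assumes the DnsServer module is installed and that
# corp.abc.com (the zone from the page's example) is AD-integrated.
Import-Module DnsServer

$zone   = 'corp.abc.com'
$dryRun = $true   # leave $true to preview with -WhatIf; set $false to add the keys

# Settings shared by both keys. StoreKeysInAD is only valid for AD-integrated zones.
$common = @{
    ZoneName        = $zone
    CryptoAlgorithm = 'RsaSha256'
    KeyLength       = 2048
    StoreKeysInAD   = $true
    PassThru        = $true
    WhatIf          = $dryRun
}

# KSK: signature lifetime for the DNSKEY record set, long rollover interval.
# Time spans below are illustrative values, not recommendations from the page.
$ksk = @{
    Type                          = 'KeySigningKey'
    DnsKeySignatureValidityPeriod = New-TimeSpan -Days 7
    RolloverPeriod                = New-TimeSpan -Days 755
}

# ZSK: signature lifetime for all other record sets, shorter rollover interval.
$zsk = @{
    Type                        = 'ZoneSigningKey'
    ZoneSignatureValidityPeriod = New-TimeSpan -Days 10
    RolloverPeriod              = New-TimeSpan -Days 90
}

foreach ($key in $ksk, $zsk) {
    # Two hashtables can be splatted in one call; their keys must not overlap.
    Add-DnsServerSigningKey @common @key
}

# After a real run, list the zone's keys to confirm what was added.
if (-not $dryRun) {
    Get-DnsServerSigningKey -ZoneName $zone
}
```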
