Active Roles Community

Forum Setting a computer object encryption type using ARS Management Shell

Setting a computer object encryption type using ARS Management Shell

ScotJay over 2 years ago

Hey all.

With native AD commandlets, we can set computer encryption type using Set-ADcomputer, for example

Set-ADComputer -Identity fooComputer -KerberosEncryptionType AES256

However, I'm not sure how achieve this with Set-QADComputer, I tried the following, with no joy...

Set-QADComputer -Identity fooComputer -ObjectAttributes @{KerberosEncryptionType='AES256'}

Any ideas on how set this, and other UAC values using the ARS management shell?

Many thanks,

Jay.

Top Replies

Parents

0 JohnnyQuest over 2 years ago

Did a quick bit of researchon this and it looks like your Kerberos property is stored as bits in msDS-SupportedEncryptionTypes.

It's a 32-bit integer syntax so you have to send a number.

So you would need to do the bitwise math and then set this value.

Here's a reference

# Value 256 below is a placeholder only!

Set-QADComputer -Identity fooComputer -ObjectAttributes @{msDS-SupportedEncryptionTypes.=256}

This is one of those unexpectedly arcane topics. Happy Googl'ing
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
+1 JohnnyQuest over 2 years ago in reply to JohnnyQuest

In the command line above, the property name needs to be in single quotes because it contains dashes.

-ObjectAttributes @{'msDS-SupportedEncryptionTypes'=<some integer>}
Cancel
Up +1 Down

Reply

Reject Answer

Cancel

Reply

+1 JohnnyQuest over 2 years ago in reply to JohnnyQuest

In the command line above, the property name needs to be in single quotes because it contains dashes.

-ObjectAttributes @{'msDS-SupportedEncryptionTypes'=<some integer>}
Cancel
Up +1 Down

Reply

Reject Answer

Cancel

Children

No Data