Installing CA via PowerShell : “-Whatif” not working

I just installed a CA server for testing, and noticed something strange.

First I installed the binaries with the cmdlet Add-WindowsFeature, without any issues:


When I was about to install and configure the CA role with the Install-AdcsCertificationAuthority cmdlet, I first wanted to see what the default values would be for parameters like CAType, KeyLength and ValidityPeriod, if I only supplied CACommonName and HashAlgorithmName.

According the the technet article about the Install-AdcsCertificationAuthority cmdlet (see here), I should be able to use -Whatif:


So I simply added “–Whatif” at the end:


I never saw any values in the output, but I figured that “ErrorId = 0” was a good sign and that the command at least would work as expected when I ran it without –Whatif.

I then removed “Root” from the CACommonName and ran the command again, this time without -whatif, but lo and behold, I got an error message saying that the CA was already installed!


At first I thought that WhatIf might be case sensitive, but it’s not:


So be careful when using -Whatif together with Install-AdcsCertificationAuthority.

About Tom Aafloen

IT Security Advisor @ Onevinn
This entry was posted in Okategoriserade. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s