{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed','In':True}
EntrypointName
string
1
✓
-
{'Description':'Entrypoint refers to the identity of a site in a multisite deployment to which down-level clients are added, i.e., these clients can only connect to the specified site. If entrypoint parameter is not specified then the site to which the computer on which the cmdlet is executed belongs is used (user may or may not be specifying a ComputerName)','In':True}
{'Description':'Object consists of the following properties
1. Status of DirectAccess and VPN configuration
2. The entire VPN configuration
3. The entire DirectAccess configuration
4. Configuration common to both VPN and DirectAccess
','Out':True}
Description
'This cmdlet displays the configuration of DirectAccess and VPN. '
{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed','In':True}
Prerequisite
boolean
1
✓
-
{'Description':'Indicates that pre-requisite checks should be performed. This parameter is part of a separate parameter set used to only run the pre-requisite checks for DA','In':True}
Status
boolean
2
-
✓
{'Description':'Returns True when all the pre-requisites have passed, and False when one or more have failed.','Out':True}
Description
'This cmdlet does the following 1. Performs pre-requisite checks for DirectAccess to ensure that it can be installed 2. Installs DirectAccess for Remote Access (includes management of remote clients) or for management of remote clients only 3. Installs VPN (both Remote Access VPN and site-to-site VPN) 4. Installs multi-tenant S2S VPN '
InstallByDAPrerequisiteChecks method is in 1 class (PS_RemoteAccess) of ROOT\Microsoft\Windows\RemoteAccess\MS_409 and in 2 namespaces
{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed','In':True}
DAInstallType
string
1
✓
-
{'Description':'Indicates the configuration in which DirectAccess should be installed. Can take one of the following values
1. FullInstall - DirectAccess is installed for both remote access and for the management of remote clients
2. ManageOut - DirectAccess is installed only for the management of remote clients','In':True}
ClientGpoName
string
2
✓
-
{'Description':'Names of the client Group Policy object. The Group Policy object name is specified in DOMAIN\GPO_NAME format. Domain can be one of the domains deployed in the corporate network.
If a name is not specified then by default a Group Policy object with the following name is created in the DirectAccess server's domain: client policy for DirectAccess connection to workplace','In':True}
InternalInterface
string
3
✓
-
{'Description':'Name of the corporate network facing interface. In a single network adapter configuration the same name is specified for both internal and Internet interfaces.
If name is not specified then cmdlet tries to detect the internal interface automatically','In':True}
InternetInterface
string
4
✓
-
{'Description':'Name of the Internet facing interface. In a single network adapter configuration the same name is specified for both internal and Internet interfaces.
If name is not specified then cmdlet tries to detect the Internet interface automatically
','In':True}
NlsCertificate
uint8
5
✓
-
{'Description':'Indicates that the Network Location Server should be configured on the DirectAccess server itself and represents the certificate to be used. The subject name of the certificate should match the internal interface of the DirectAccess server','In':True}
NlsUrl
string
6
✓
-
{'Description':'Specifying this parameter indicates that the Network location server is present on a different server and represents the URL on the server that will be used to provide clients with location information','In':True}
NoPrerequisite
boolean
7
✓
-
{'Description':'This parameter when specified indicates that a prerequisite check should not be performed for DirectAccess','In':True}
ServerGpoName
string
8
✓
-
{'Description':'Name of the Group Policy object for the DirectAccess server. Specified in the format DOMAIN\GPO_NAME.
If a name is not specified then a Group Policy object with the following name is created in the DirectAccess server's domain: server policy for DirectAccess connection to workplace','In':True}
ConnectToAddress
string
9
✓
-
{'Description':'Indicates the DirectAccess server or NAT public address that clients connect to. Specified as hostname or IPv4 address','In':True}
DeployNat
boolean
10
✓
-
{'Description':'Specifying this switch parameter indicates that Directaccess should be deployed behind a NAT. In a single network adapter configuration scenario the DirectAccess server is always deployed behind a NAT and hence there is no need to specify this switch parameter','In':True}
PassThru
boolean
11
✓
-
{'Description':'Specifying PassThru returns the Remote Access object which contains the entire Remote Access (DirectAccess and VPN) configuration. This cmdlet doesnt generate an object by default.','In':True}
Force
boolean
12
✓
-
{'Description':'Switch parameter used to suppress user confirmation prompts for the following conditions. When suppressed the cmdlet assumes user confirmation for the following changes
1. If an appropriate certificate for Network location server is not found then a self-signed certificate is created
2. If an appropriate SSL certificate is not found then a self-signed certificate is created','In':True}
{'Description':'Object consists of the following properties
1. Status of DirectAccess - installed or uninstalled
2. Status of VPN - installed or uninstalled
3. Status of site-to-site VPN - installed or uninstalled
4. Status of load balancing - enabled or disabled
5. The name of the internet facing interface of the Remote Access server
6. The name of the internal facing interface of the Remote Access server
7. SSL certificate which is used for IP-HTTPS and SSTP','Out':True}
Description
'This cmdlet does the following 1. Performs pre-requisite checks for DirectAccess to ensure that it can be installed 2. Installs DirectAccess for Remote Access (includes management of remote clients) or for management of remote clients only 3. Installs VPN (both Remote Access VPN and site-to-site VPN) 4. Installs multi-tenant S2S VPN '
InstallByDirectAccess method is in 1 class (PS_RemoteAccess) of ROOT\Microsoft\Windows\RemoteAccess\MS_409 and in 2 namespaces
{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed','In':True}
MultiTenancy
boolean
1
✓
-
{'Description':'If specified enables multi tenancy of the service.','In':True}
MsgAuthenticator
string
2
✓
-
{'Description':'Indicates whether usage of message authenticator should be enabled or disabled. Can take one of the following values
1. Enabled
2. Disabled
By default it is disabled.
This parameter is applicable only when a Radius server is being configured for authentication','In':True}
PassThru
boolean
3
✓
-
{'Description':'Specifying PassThru returns the Remote Access object which contains the entire Remote Access (DirectAccess and VPN) configuration. This cmdlet doesnt generate an object by default.','In':True}
RadiusPort
uint16
4
✓
-
{'Description':'Indicates the port number on which the RADIUS server is accepting authentication requests. Default is 1812. This parameter is applicable only when a Radius server is being configured for authentication
','In':True}
RadiusScore
uint8
5
✓
-
{'Description':'Indicates the initial score. The default is 30
This parameter is applicable only when a RADIUS server is being configured for authentication','In':True}
RadiusServer
string
6
✓
-
{'Description':'IPv4/IPv6 address or hostname of the RADIUS server that is to be used for authentication. Specifying this parameter indicates that RADIUS authentication should be used for VPN.
','In':True}
RadiusTimeout
uint32
7
✓
-
{'Description':'The value is specified in seconds. Default is 5 secs
This parameter is applicable only when a RADIUS server is being configured for authentication','In':True}
SharedSecret
string
8
✓
-
{'Description':'Shared secret between the Remote Access server and the specified external RADIUS server which is required for successful communication between the two servers. Note that the secret is specified in clear text.
It is mandatory to specify this parameter if a RADIUS server is being configured for authentication','In':True}
{'Description':'Object consists of the following properties
1. Status of DirectAccess - installed or uninstalled
2. Status of VPN - installed or uninstalled
3. Status of site-to-site VPN - installed or uninstalled
4. Status of load balancing - enabled or disabled
5. The name of the internet facing interface of the Remote Access server
6. The name of the internal facing interface of the Remote Access server
7. SSL certificate which is used for IP-HTTPS and SSTP
8. MultiTenancyStatus
9. Authnetication Type
10. Radius Server List
11. Capacity in Kbps
','Out':True}
Description
'This cmdlet does the following 1. Performs pre-requisite checks for DirectAccess to ensure that it can be installed 2. Installs DirectAccess for Remote Access (includes management of remote clients) or for management of remote clients only 3. Installs VPN (both Remote Access VPN and site-to-site VPN) 4. Installs multi-tenant S2S VPN '
InstallByMultiTenant method is in 1 class (PS_RemoteAccess) of ROOT\Microsoft\Windows\RemoteAccess\MS_409 and in 2 namespaces
{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed','In':True}
VpnType
string
1
✓
-
{'Description':'Indicates the type of VPN installation. Can take on of the following values
1. Vpn
2. VpnS2S
','In':True}
IPAddressRange
string
2
✓
-
{'Description':'Specifying this parameter indicates that static pool IPv4 addressing should be enabled. The parameter contains an IP address range (consisting of a start IP and an end IP) from which IP addresses are allocated to VPN clients.
In load balancing scenario only static pool IPv4 addressing is supported for VPN (DHCP address assignment is not supported). Hence it is mandatory to specify this parameter and an IPv4 address range should be provided for every node in the cluster. The address are specified in the following format: StartIPRange1, EndIPRange1, StartIPRange2, EndIPRange2, StartIPRange3, EndIPRange3. Essentially the start and end IP addresses of each of the ranges are specified one after the other and separated by commas.','In':True}
RadiusServer
string
3
✓
-
{'Description':'IPv4/IPv6 address or hostname of the RADIUS server that is to be used for authentication. Specifying this parameter indicates that RADIUS authentication should be used for VPN.
','In':True}
SharedSecret
string
4
✓
-
{'Description':'Shared secret between the Remote Access server and the specified external RADIUS server which is required for successful communication between the two servers. Note that the secret is specified in clear text.
It is mandatory to specify this parameter if a RADIUS server is being configured for authentication','In':True}
RadiusTimeout
uint32
5
✓
-
{'Description':'The value is specified in seconds. Default is 5 secs
This parameter is applicable only when a RADIUS server is being configured for authentication','In':True}
RadiusScore
uint8
6
✓
-
{'Description':'Indicates the initial score. The default is 30
This parameter is applicable only when a RADIUS server is being configured for authentication','In':True}
RadiusPort
uint16
7
✓
-
{'Description':'Indicates the port number on which the RADIUS server is accepting authentication requests. Default is 1812. This parameter is applicable only when a Radius server is being configured for authentication
','In':True}
MsgAuthenticator
string
8
✓
-
{'Description':'Indicates whether usage of message authenticator should be enabled or disabled. Can take one of the following values
1. Enabled
2. Disabled
By default it is disabled.
This parameter is applicable only when a Radius server is being configured for authentication','In':True}
PassThru
boolean
9
✓
-
{'Description':'Specifying PassThru returns the Remote Access object which contains the entire Remote Access (DirectAccess and VPN) configuration. This cmdlet doesnt generate an object by default.','In':True}
IPv6Prefix
string
10
✓
-
{'Description':'Specifying this parameter enables IPv6 address assignment for VPN and specifies the prefix to use for the addressing','In':True}
EntrypointName
string
11
✓
-
{'Description':'Entrypoint refers to the identity of a site in a multisite deployment where VPN needs to be installed. This is required in a scenario where DirectAccess with multisite is already deployed and a user wants to additionally deploy VPN. If entrypoint is not specified then the entrypoint to which the server on which the cmdlet is executed belongs is used. The server could also be represented using the ComputerName parameter.
If both entrypoint and computername are specified and the ComputerName does not belong to the site represented by the entrypoint then the entrypoint takes precedence and VPN is deployed at the site indicated by it.
Note that in a multisite deployment case VPN can only be installed one site at a time.','In':True}
{'Description':'Object consists of the following properties
1. Status of DirectAccess - installed or uninstalled
2. Status of VPN - installed or uninstalled
3. Status of site-to-site VPN - installed or uninstalled
4. Status of load balancing - enabled or disabled
5. The name of the internet facing interface of the Remote Access server
6. The name of the internal facing interface of the Remote Access server
7. SSL certificate which is used for IP-HTTPS and SSTP','Out':True}
Description
'This cmdlet does the following 1. Performs pre-requisite checks for DirectAccess to ensure that it can be installed 2. Installs DirectAccess for Remote Access (includes management of remote clients) or for management of remote clients only 3. Installs VPN (both Remote Access VPN and site-to-site VPN) 4. Installs multi-tenant S2S VPN '
InstallByVpn method is in 1 class (PS_RemoteAccess) of ROOT\Microsoft\Windows\RemoteAccess\MS_409 and in 2 namespaces
{'Description':'Specifies the certificate that will be used to secure remote clients connectivity over HTTPS (in case of DirectAccess) or SSTP (in case of VPN)
1. SSL certificate changes are allowed only within the bounds of the current value of the ConnectTo address (configurable through the set-daserver cmdlet), i.e., the subject name of the new certificate should always match ConnectTo. All other certificates are rejected and the cmdlet errors out, even if all other criteria for an SSL certificate are satisfied. This behavior is applicable irrespective of whether NAT is deployed or not and whether the server has a single network adapter or two network adapters
2. In a network load balancing scenario the changes take effect on all nodes. Hence, the specified certificate is required to be present on all nodes in the cluster
a. If the certificate is not found on one or more nodes then the cmdlet errors out
b. If one or more nodes are down when changing the certificate then the change applies only on the nodes that are up. But the DirectAccess server Group policy object is updated to ensure that when these machines come up load balancing is in stopped state on them due to a certificate mismatch. For the certificate change to take effect, the admin needs to install a similar certificate on them and re-run this cmdlet ','In':True}
ComputerName
string
1
✓
-
{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed. If ComputerName is specified then the configuration changes take place on that Remote Access server','In':True}
InternetInterface
string
2
✓
-
{'Description':'Name of the Internet facing interface
1. In a single network adapter configuration if the admin wants to change the interface then the new name should be specified for both Internal Interface and Internet Interface parameters
2. When changing the Internet interface, if the IP address of the ConnectTo is known, the IP address of the specified interface is compared with the ConnectTo address. If there is a mismatch then the the interface is not changed and the cmdlet errors out. If only the name of ConnectTo is known and it cannot be resolved or if the Remote Access server is deployed behind NAT then it is assumed that the new interface matches with the ConnectTo address','In':True}
InternalInterface
string
3
✓
-
{'Description':'Name of the corporate network facing interface
1. In a single network adapter configuration if the admin wants to change the interface then the new name should be specified for both Internal Interface and Internet Interface parameters','In':True}
CapacityKbps
uint64
4
✓
-
{'In':True}
Force
boolean
5
✓
-
{'Description':'Switch parameter used to suppress user confirmation prompts for the following conditions. When suppressed the cmdlet assumes user confirmation for the followingchanges
1. Changing the interfaces: this results in re-configuration which is time consuming and the server cannot accept connections during this time','In':True}
PassThru
boolean
6
✓
-
{'Description':'Returns an object the contains the configuration common to DirectAccess and VPN. By default this cmdlet does not generate any output','In':True}
{'Description':'Object consists of the following properties
1. Status of DirectAccess - installed or uninstalled
2. Status of VPN - installed or uninstalled
3. Status of site-to-site VPN - installed or uninstalled
4. Status of load balancing - enabled or disabled
5. The name of the internet facing interface of the Remote Access server
6. The name of the internal facing interface of the Remote Access server
7. SSL certificate which is used for IP-HTTPS and SSTP
','Out':True}
Description
'This cmdlet modifies configuration that is common to both DirectAccess and VPN viz. the following 1. SSL certificate 2. Internal interface 3. Internet interface
{'Description':'Indicates the type of VPN that should be uninstalled. Can take one of the following values
1. Vpn
2. VpnS2S','In':True}
ComputerName
string
1
✓
-
{'Description':'IPv4/IPv6 address or hostname of the computer on which the remote access server machine specific tasks should be executed. If ComputerName is specified and user is trying to uninstall VPN then VPN on this Remote Access server is uninstalled','In':True}
EntrypointName
string
2
✓
-
{'Description':'Entrypoint refers to the identity of a site in a multisite deployment where VPN needs to be uninstalled. It is not applicable to DirectAccess.
If entrypoint is not specified then the entrypoint to which the server on which the cmdlet is executed belongs is used. The server could also be represented using the ComputerName parameter.
If both entrypoint and computername are specified and the ComputerName does not belong to the site represented by the entrypoint then the entrypoint takes precedence and VPN is uninstalled at the site indicated by it.
Note that in a multisite deployment case VPN can only be uninstalled one site at a time.','In':True}
Force
boolean
3
✓
-
{'Description':'Switch parameter used to suppress user confirmation prompts for the following conditions. When suppressed the cmdlet assumes user confirmation for the following changes
1. Uninstall of Remote Access after which users will not be able to connect remotely to corpnet
2. If NLS is on Directaccess server then uninstallation will lead to decommissioning of the Network location server URL and clients that have not received updated policies will always be detected to be outside corporate network and will not be able to access corporate network resources when inside the corporate network','In':True}
Description
'This cmdlet uninstalls DirectAccess and VPN (both remote access VPN and site-to-site VPN)'
Uninstall method is in 1 class (PS_RemoteAccess) of ROOT\Microsoft\Windows\RemoteAccess\MS_409 and in 5 namespaces