I have a simple question in regards to key recovery agent. I understand the need for these e.g. a users key is lost due to harddrive failure, profile deletion etc. My question is why couldnt the original key simply be exported from the PKI? I'm sure im missing somethnig here would apprecaiate someone explain it to me. Thanks.

The answer is pretty simple. Key Archival provides more secure and centralized way to store key pair backup. This allows you to define the process for key recovery. With manual key export to PFX it is not possible to guarantee sucessful key recovery. Also if you have implemented smart cards Key Archival is the only way to backup certificates and private keys from smart cards.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

Got it. Thanks.