Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Asset Framework and PI System Explorer (PI Server 2024 R2)

TABLE OF CONTENTS

AFDiag utility parameters

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 23, 2025
  • 9 minute read

Parameters for the AFDiag utility are listed in alphabetical order below.

  • /ActiveDirectory:string or /AD:string

    Tests access to Active Directory using the currently configured settings in the PI AF server. An optional user account can be specified to test another account. If an account is specified or set in the PI AF server settings, you also need to specify the Password parameter.

  • /AddIdentity:string or /AI:string

    Adds a security identity with the specified permissions to all security strings in the system. For example, to allow read and write access for IdentityName to all security strings, enter:

    /AI:"IdentityName:A(r,w)"

    If the specified security identity does not exist, it is created. Use PI System Explorer to create and/or configure mappings to the new identity.

  • /AddSecurityMapping

    Adds a security mapping between a security identity and an account ID. In the following syntax example, the parameters in brackets ([ ]) are optional. The other parameters are required.

    Supported options: [/MappingName:string] [/MappingDescription:string] [/MappingType:{Windows|Role|ClientCredential}] /AccountId:string [/AccountName:string] /IdentityName:string

    If a mapping name is not specified, the account name is used. If the mapping type is not Windows, then an account name is required; otherwise, the account name should be omitted.

    Example: AFDiag.exe /AddSecurityMapping /MappingType:Role /AccountName:Windows\Administrators /AccountId:Windows\S-1-5-32-544 /IdentityName:Administrators

  • /AuditTrailCleanupAdd:string or /ATCA:string

    Adds the specified user to the audit trail cleanup list. The audit cleanup job deletes audit records associated with this user from the PI AF SQL Server database.This parameter may be specified more than once.

  • /AuditTrailCleanupRemove:string or /ATCR:string

    Removes the specified user from the audit trail cleanup list. The audit cleanup job no longer deletes audit records associated with this user from the PI AF SQL Server database.This parameter may be specified more than once.

  • /CertificateAdd or /CA

    Adds the specified client certificate to the PI AF SQL Server database. Use the Password parameter to specify a password for the certificate, if required.

  • /CertificateList or /CL

    Lists the client certificates stored in the PI AF SQL Server database.

  • /CertificateRemove or /CR

    Removes a client certificate from the PI AF SQL Server database by specifying the name of the certificate.

  • /CertificateSet:string or /CS:string

    Sets the server certificate in the PI AF server configuration file to the specified file. Use the Password parameter to specify a password for the certificate, if required.

  • /CertificateThumbprint or /CT

    Updates the PI AF server's certificate thumbprint used for TLS encryption by specifying the thumbprint string.

    Example: /ct:1217545db7fd6981dd749d5c07a063e5118786ag

  • /CertificateValidationMode or /CVM

    Updates the PI AF server's certificate validation mode for TLS connections. Certificate validation mode will also be used by AF Client applications on the same machine as the server. The following validation modes are supported:

    • None: No validation of the certificate is performed.

    • AllowExpiredOrRevoked: This mode allows the system to accept certificates that have expired or been revoked.

    • SystemDefault: The system's default certificate validation mode is used, which means that the standard system security policies and practices for certificate validation are used.

      Example: /cvm:AllowExpiredOrRevoked

  • /ChangeID:string or /CID:string

    Changes the ID for the PI AF server to the specified GUID.

    • A return value of 1 means that the configuration change will be delayed.

    • A return value of 2 means that you must restart the PI AF server.

    • A negative return value indicates an error has occurred.

  • /ClearChangeTables or /CCT

    Clears the findChanges and afdiag tables, which record information on changes to the system.

  • /DeleteAuditTrail or /ATD

    Disables audit trail feature and deletes audit trail records in the PI AF SQL Server database. This operation permanently deletes the audit trail records, and requires sysadmin privileges. The audit trail records cannot be recovered if a delete is performed.

  • /DeleteCases:string or /DelC:string

    Deletes cases from the PI AF SQL Server database with a start time between the dates specified in local time format, using standard date notation or PI time syntax (described in PI time). If only one time is provided, it is treated as the end time.

    • To specify a time, include a time string in hh:mm:ss format.

    • To specify a database, include a database string in /Database:"DBname" or /DB:"DBname" format.

    • To specify a template in a database, include a template string in /Template:"Template Name" or /Temp:"Template Name"format, in addition to the database string.

      For example, to delete cases that start between 11 P.M. on January 31st, 2017 and 4 P.M. on June 21st, 2017, enter /DelC:"2017-01-31 23:00:00";"2017-06-21 16:00:00".

  • /DeleteDuplicates or /DD

    When used in conjunction with /FindDuplicates, deletes the duplicates that were found in SQL object tables. It is recommended that you make a backup of the PI AF SQL Server database (PIFD) before you use this parameter to delete the duplicate entries.

  • /DeleteEventFrames:string or /DelEF:string

    Deletes event frames from the PI AF SQL Server database with an end time between the dates specified in local time format, using standard date notation or PI time syntax (described in PI time). If only one time is provided, it is treated as the end time.

    • To specify a time, include a time string in hh:mm:ss format.

    • To specify a database, include a database string in /Database:"DBname" or /DB:"DBname" format.

    • To specify a template in a database, include a template string in /Template:"Template Name" or /Temp:"Template Name"format, in addition to the database string.

      For example, to delete event frames that end between 11 P.M. on January 31st, 2017 and 4 P.M. on June 21st, 2017, enter /DelEF:"2017-01-31 23:00:00";"2017-06-21 16:00:00".

      Note: Child event frames are also deleted, even if they do not match the criteria.

  • /DeleteTransfers:string or /DelTR:string

    Deletes transfers from the PI AF SQL Server database with an end time between the dates specified in local time format, using standard date notation or PI time syntax (described in PI time). If only one time is provided, it is treated as the end time.

    • To specify a time, include a time string in hh:mm:ss format.

    • To specify a database, include a database string in /Database:"DBname" or /DB:"DBname" format.

    • To specify a template in a database, include a template string in /Template:"Template Name" or /Temp:"Template Name"format, in addition to the database string.

      For example, to delete transfers that end between 11 P.M. on January 31st, 2017 and 4 P.M. on June 21st, 2017, enter /DelTR:"2017-01-31 23:00:00";"2017-06-21 16:00:00".

  • /EnableAuditTrail or /AT

    Enables audit trail feature for the PI AF SQL Server database.

  • /EnableAuditTrailCleanup[-] or /ATC[-]

    Enables audit trail cleanup feature for the PI AF SQL Server database. Requires sysadmin privileges.

  • /EnableExternalDataTables[-] or /DT[-]

    Enables or disables support for external PI AF tables.

  • /EnablePropagationOfTargetDeletion[-] or /PTD[-]

    Enables support for propagating the deletion of targets (elements) to the referencing analyses and notifications.

  • /ExeFile:string or /F:string

    The path to the PI AF server executable file. Default value is AFService.exe.

  • /ExternalDataTablesAllowNonImpersonatedUsers[-] or /DTImp[-]

    Enables support for external PI AF tables for non-impersonated users.

  • @file

    Reads response file for more options. The response file must contain one parameter per line. Comment lines start with the '#' character.

  • /FileExtensions:string or /FE:string

    Defines the types of file objects that can be attached to a PI AF file object, such as an annotation. The following file types are supported:

    • MS Office: csv, docx, pdf, xlsx

    • Text: rtf, txt

    • Image: gif, jpeg, jpg, png, svg, tiff

      Enter the extensions as a colon-separated list, for example:

      /FE:docx:xlsx:csv:pdfd:jpg:png

  • /FileExtensionsAdd:string or /FEA:string

    Adds an additional file extension to the list of allowed PI AF file object types. See the list of supported file types above.

    You can specify this parameter more than once.

  • /FileExtensionsRemove:string or /FER:string

    Removes a file extension from the list of allowed PI AF file object types. See the list of supported file types above.

    You can specify this parameter more than once.

  • /FileMaxLength:integer or /FML:integer

    Defines the maximum size in megabytes of a PI AF file object, such as an annotation. A value of zero disables support for all files. The default maximum allowed file size is 10MB.

  • /FindDuplicates or /FD

    Searches for duplicate entries in all object tables and returns a list of tables. It identifies how many duplicates were found in each object table and logs them in an XML file. Be sure to make a backup of the PI AF SQL Server database (PIFD) before you use this parameter in conjunction with the /DeleteDuplicates parameter to delete the duplicate entries.

    Note: Since duplicate rows are unexpected under normal circumstances, contact Technical Support to help diagnose how the duplicate rows may have been created.

  • /MaintenanceJob or /MJ

    Manually runs the AF Maintenance job, which performs these maintenance tasks to improve PI AF Server's responsiveness: Cleans up orphaned and deleted database elements, updates the path cache, rebuilds the index, and updates statistics. This parameter can be used to perform Azure SQL maintenance tasks.

    Note: While running the AF Maintenance job helps to improve SQL Server performance, you may experience slower system response times during run-time. You should schedule the AF Maintenance job during off-peak hours, such as at night or during a scheduled maintenance window to avoid system disruptions.

  • /NewID or /NID

    Generates a new ID for the PI AF server.

    • A return value of 1 means that the configuration change will be delayed.

    • A return value of 2 means that you must restart the PI AF server.

    • A negative return value indicates an error has occurred.

  • /Password or /PWD

    Specifies a certificate password for the ActiveDirectory, CertificateAdd, CertificateSet, or PasswordEncryptionCertificate options.

  • /PasswordEncryptionCertificate:string or /PEC:string

    Replaces the default password encryption for external database passwords with a custom certificate file. Use the Password option to specify a password for the certificate, if required.

  • /PlugInVerifyLevel:level or /VL:level

    Configures the level of verification required for plug-ins to run. Valid levels are:

    • RequireSigned

      Runs only plug-ins with valid signatures.

    • RequireSignedTrustedProvider

      Runs only plug-ins with a valid signature from a trusted provider.

      Note: The None and AllowUnsigned levels are only supported in PI AF Client 2018 SP3 Patch 1 and earlier versions. (None: Disables validation; runs all plug-ins. AllowUnsigned: Runs unsigned plug-ins and plug-ins with valid signatures.)

  • /Port:integer or /P:integer

    Tests the specified port to the PI AF server. This is used to perform a basic port test to see if specified port on the computer used by the PI AF server can be opened and something is listening for a connection on the port. The standard ports used by the PI AF server are 5457 and 5459. This is similar to attempting to test a port using Telnet. It tests all IP addresses for the computer (both IPv4 and IPv6 addresses). Typically, you would test both ports 5457 and 5459.

  • /RebuildPathCache or /RPC

    Rebuilds the path cache to each element in the PI AF SQL Server database. The path cache can become outdated after significant data insertions, edits, and/or deletions. Rebuilding the path cache can improve the PI AF server’s performance.

    Note: The stored procedure used to rebuild the path cache is not supported on a secondary PI AF server (a subscriber) in a PI AF collective.

  • /Reindex or /RI

    Completely rebuilds every index in the PI AF SQL Server database. This substantially improves the PI AF server’s performance after a massive data insertion.

  • /RemoveSecurityMapping

    Removes a security mapping between a security identity and an account.

    Example: AFDiag.exe /RemoveSecurityMapping /MappingName:Windows\Administrators

  • /ResetAdministrator:string or /SRA:string

    Resets the permissions on the Administrators identity to allow full privileges on the local PI System. This parameter requires sysadmin or db_owner privileges.

    The default /sra enables privileges for the BUILTIN\Administrators account.

    /sra:domainName\username enables privileges for a particular user account.

  • /ResetIdentityColumnSeeds

    Resets and synchronizes the element count in the SQL object tables. This parameter should be run after a successful PI AF database migration to Azure SQL.

  • /RunAuditTrailCleanup or /ATR

    Runs the audit trail cleanup feature for the AF SQL database, and removes audit logs for any user that is specified by the AuditTrailCleanupAdd command. Requires 'db_owner' privileges.

  • /Silent[-] or /S[-]

    Runs silent mode and prevents message display.

  • /TrustedProviderAdd:providername or /PA:providername

    Adds the specified provider to the list of trusted plug-in providers. To add providers, you must have SQL Server sysadmin server role or db_AFadmin database role.

  • /TrustedProviderList or /PL

    Displays a list of trusted plug-in providers. To list providers, you must have SQL Server sysadmin server role or db_AFadmin database role.

  • /TrustedProviderRemove:providername or /PR:providername

    Removes the specified provider from the list of trusted plug-in providers. To delete providers, you must have SQL Server sysadmin server role or db_AFadmin database role.

  • /UomCaseSensitive[-] or /UCS[-]

    Changes configuration of UOM abbreviations from case insensitive to case sensitive in the PI AF SQL Server database. When enabled, only a 2015 R2 (v2.7.5) or later PI AF Client can connect.

    For more information, see Enable case-sensitive UOM abbreviations.

  • /UpgradeAuditTrail or /ATU

    Upgrades audit trail records in the PI AF SQL Server database. Supports upgrades from PI AF 2.6 or later.

  • /Version or /V

    Displays version information.

TitleResults for “How to create a CRG?”Also Available in