In SQL 2016 and Azure SQL there is a new powerful feature - Always Encrypted which allows to keep the encryption key outside of the database (for increased security). When dealing with encrypted data at rest we need to be able to change (rotate) the encryption key either on schedule or upon a request. Microsoft provides a example of a PowerShell script that re-encrypts the all data in a database with a new column encryption key. I used that example to create my own script. The first setback with the following cmdlet Set-SqlColumnEncryption -ColumnEncryptionSettings $ces -InputObject $database -UseOnlineApproach -MaxDowntimeInSeconds 120 -LogFileDirectory . was a syntax error Set-SqlColumnEncryption : A parameter cannot be found that matches parameter name 'UseOnlineApproach'. It was easy to fix - I removed all the parameters except for ColumnEnxryptionSettings and InputObject. But then the same cmdlet failed at the execution time with this error. Se