I was recently asked if I could generate a report of user certificates. I recalled doing this with a .NET class a while back; here is that function:
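function Get-Certificate {
    [CmdletBinding()]
    param(
        [Parameter(Position = 0,
                   Mandatory = $True,
                   ValueFromPipeline = $True)]
        [String]$user
    )
    Begin {
        # Load the Quest AD cmdlets; stay quiet if the snap-in is already loaded
        Add-PSSnapin `
            -Name Quest.ActiveRoles.ADManagement `
            -ErrorAction SilentlyContinue
    }
    Process {
        # userCertificate holds one DER-encoded blob per certificate published on the account
        Get-QADUser -Identity $user |
            ForEach-Object { $_.DirectoryEntry.userCertificate } |
            # Cast each blob to an X509Certificate2 so its fields can be read
            ForEach-Object { [System.Security.Cryptography.X509Certificates.X509Certificate2]$_ } |
            Select-Object Issuer, Subject, NotBefore, NotAfter
    }
}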
However, assuming you have the most recent version of the Quest Active Directory cmdlets (1.4.0), this becomes a trivial task.
Get-QADUser -Identity FatBeard | Get-QADCertificate

IssuedBy                IssuedTo  ValidFrom ValidTo
--------                --------  --------- -------
OSUMC EnterpriseRoot CA Fat Beard 6/3/2010  6/3/2011
OSUMC EnterpriseRoot CA Fat Beard 11/9/2009 11/9/2010
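For a report, the rows that Get-Certificate emits (Issuer, Subject, NotBefore, NotAfter) can be tagged with an expiry status so stale certificates still published on an account stand out. The following is an added example, not code from the original post: Add-CertificateExpiryStatus and its -WarnDays and -AsOf parameters are hypothetical names, and the sample rows are constructed to mirror the output shown above so the block runs without Active Directory.

```powershell
# Added example: tag certificate rows with days remaining and an expiry status.
function Add-CertificateExpiryStatus {
    [CmdletBinding()]
    param(
        # A row with Issuer, Subject, NotBefore, NotAfter (the shape Get-Certificate emits)
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Certificate,

        # Hypothetical parameters: warning window in days, and the date to evaluate against
        [int]$WarnDays = 30,
        [datetime]$AsOf = (Get-Date)
    )
    process {
        # Whole days until NotAfter; negative once the certificate has expired
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $AsOf).TotalDays)

        if     ($Certificate.NotBefore -gt $AsOf) { $status = 'NotYetValid' }
        elseif ($daysLeft -lt 0)                  { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays)          { $status = 'ExpiringSoon' }
        else                                      { $status = 'Valid' }

        [pscustomobject][ordered]@{
            Subject   = $Certificate.Subject
            Issuer    = $Certificate.Issuer
            NotBefore = $Certificate.NotBefore
            NotAfter  = $Certificate.NotAfter
            DaysLeft  = $daysLeft
            Status    = $status
        }
    }
}

# Constructed sample rows (not real directory data), modelled on the output above
$rows = @(
    [pscustomobject]@{ Issuer = 'OSUMC EnterpriseRoot CA'; Subject = 'Fat Beard'
                       NotBefore = [datetime]'2010-06-03'; NotAfter = [datetime]'2011-06-03' }
    [pscustomobject]@{ Issuer = 'OSUMC EnterpriseRoot CA'; Subject = 'Fat Beard'
                       NotBefore = [datetime]'2009-11-09'; NotAfter = [datetime]'2010-11-09' }
)

# Evaluate against a fixed date so the result is repeatable, oldest expiry first
$rows | Add-CertificateExpiryStatus -AsOf '2010-12-01' |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```

Against a live directory, the constructed `$rows` would be replaced by the output of Get-Certificate for each user, and `Export-Csv` can take the place of `Format-Table` to produce a file.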
Enjoy!