@ConanChiles
Created June 3, 2023 04:37
# Session-wide settings for this script; they apply to everything below.
# Strict mode turns references to unset variables and missing properties into errors.
Set-StrictMode -Version 'Latest'
# Promote non-terminating errors to terminating ones so a failed step stops the run.
$ErrorActionPreference = 'Stop'
# Show Write-Verbose output (the per-certificate trace emitted by fnCert2TemplateName).
$VerbosePreference = 'Continue'
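function fnCert2TemplateName {
    <#
    .SYNOPSIS
    Maps certificate thumbprints to the template name shown by the V2
    Certificate Template extension (OID 1.3.6.1.4.1.311.21.7).

    .DESCRIPTION
    For each certificate, the first line of the formatted template extension is
    taken, the leading "Template=" label is removed and the trailing
    "(<template OID>)" group is stripped, leaving the display name.
    Certificates without the extension map to an empty string.

    NOTE(review): per MS-WCCE the extension carries the template OID and version
    numbers; the friendly name comes from whatever Format() can resolve on the
    local machine. Treat the name as a display aid and compare the OID when the
    result feeds an audit decision - confirm on a machine that cannot resolve
    the template.

    NOTE(review): certificates issued from version 1 templates carry the
    template name in OID 1.3.6.1.4.1.311.20.2 instead; they are reported here
    with an empty name.

    .PARAMETER X509Cert
    One or more certificates to inspect. Repeated thumbprints are processed once.

    .OUTPUTS
    hashtable keyed by thumbprint (case-insensitive), value = template name or ''.
    #>
    [CmdletBinding()]
    [OutputType([hashtable])]
    Param(
        [Parameter( Mandatory = $true )]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$X509Cert
    )

    # One Format-Table is enough; chaining a second one would re-format the
    # formatter's own output objects rather than the certificates.
    $X509Cert | Format-Table -AutoSize -Property ('Thumbprint', 'Subject') | Out-String | Write-Verbose

    # OID 1.3.6.1.4.1.311.21.7
    # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/9da866e5-9ce9-4a83-9064-0d20af8b2ccf
    $oidCertTemplate = '1.3.6.1.4.1.311.21.7'

    $Cert2TemplateName = [hashtable]::new([System.StringComparer]::OrdinalIgnoreCase)

    foreach ( $cert in $X509Cert ) {
        ('cert: "' + $cert.Thumbprint + '"' ) | Write-Verbose

        # The same certificate can be passed more than once; keep the first entry.
        if ( $Cert2TemplateName.ContainsKey($cert.Thumbprint) ) {
            'duplicate thumbprint, skipping' | Write-Verbose
            continue
        }

        $TemplateInfoString = [string]::Empty

        if ( $cert.Extensions.Count -ne 0 ) {
            # Select the extension by exact OID equality. Testing
            # $cert.Extensions.Oid.Value.Contains(...) becomes a substring
            # match when the certificate has exactly one extension (member
            # enumeration yields a single string), which can report a match
            # that the filter below then fails to find.
            $templateExtension = $cert.Extensions | Where-Object -FilterScript {
                $PSItem.Oid.Value -eq $oidCertTemplate
            } | Select-Object -First 1

            if ( $null -ne $templateExtension ) {
                # Only the first line of the multi-line form is used; the cast
                # keeps the value a string even if Format() returns nothing.
                $TemplateInfoString = [string]($templateExtension.Format($true) -split '\r?\n' | Select-Object -First 1)

                # string will look something like this
                # Template=blah blah blah(1.3.6.1.4.1.311.21.8.222222.333333.444444.555555.666666.77.888888.999999)
                # NOTE(review): the "Template=" label is presumably localized on
                # non-English systems, in which case it is left in place - verify.
                $TemplateInfoString = [regex]::Replace($TemplateInfoString, '(?i)^Template=', '')
                # Drop the last parenthesized group (the template OID) and anything after it.
                $TemplateInfoString = [regex]::Replace($TemplateInfoString, '\(([^)]*)\)[^(]*$', '')
            } else {
                'no template OID value' | Write-Verbose
            }
        } else {
            'no extensions' | Write-Verbose
        }

        $Cert2TemplateName.Add(
            $cert.Thumbprint,
            $TemplateInfoString
        )
    }

    return $Cert2TemplateName
}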
# Gather every certificate object under the LocalMachine stores. The recursive
# listing also returns store containers, so keep X509Certificate2 items only.
$machineCerts = Get-ChildItem -LiteralPath 'Cert:\LocalMachine\' -Recurse | Where-Object -FilterScript {
    $PSItem -is [System.Security.Cryptography.X509Certificates.X509Certificate2]
}

# Resolve thumbprint -> template name; the function keeps one entry per thumbprint.
$thumbprintToTemplate = fnCert2TemplateName -Verbose -X509Cert $machineCerts

# Print only the certificates for which a template name was found.
$thumbprintToTemplate | ForEach-Object -Process {
    $PSItem.GetEnumerator() | Where-Object -FilterScript {
        -not [string]::IsNullOrWhiteSpace($PSItem.Value)
    }
} | Format-Table -AutoSize