Skip to content

Instantly share code, notes, and snippets.

@HarmJ0y

HarmJ0y/dc_cert_template.ps1

Created September 13, 2021 21:43
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save HarmJ0y/eb2d41b68cd62c8895a80ca4219bc0a6 to your computer and use it in GitHub Desktop.
Save HarmJ0y/eb2d41b68cd62c8895a80ca4219bc0a6 to your computer and use it in GitHub Desktop.
Download ZIP
DC Certificate Template Enumeration
Raw
dc_cert_template.ps1
$Results = ([adsisearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))").FindAll() | % {
$Entry = $_.GetDirectoryEntry()
$SAM = $Entry.samAccountName[0]
$DN = $Entry.distinguishedName[0]
try {
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 @($Entry.userCertificate)
$Exp = $Cert.GetExpirationDateString()
$TemplateExt = $Cert.Extensions | Where-Object{ ( $_.Oid.FriendlyName -eq 'Certificate Template Name') } | Select-Object -First 1
[pscustomobject] @{
'SamAccountName'=$SAM
'DistinguishedName'=$DN
'Thumprint'=$Cert.Thumbprint
'Expiration'=$Cert.GetExpirationDateString()
'TemplateName'=$TemplateExt.Format(1)
}
}
catch {
Write-Warning "Error retrieving the certificate from DC '$DN' !"
}
}
$Results | fl
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment