Created
December 18, 2023 18:35
Retrieve your Intune tenant/account Id from a locally installed Intune certificate
using namespace System.Security.Cryptography.X509Certificates
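function Get-IntuneTenantId {
    <#
    .SYNOPSIS
    Returns the Intune tenant/account Id stored in a locally installed Intune certificate.

    .DESCRIPTION
    Searches the LocalMachine\My store, then the CurrentUser\My store, for certificates
    that carry the extension OID 1.2.840.113556.5.6. The certificate with the latest
    NotAfter date is used, and bytes 2..17 of the extension's raw data are decoded as a GUID.

    .OUTPUTS
    System.String. The Id as an upper-case GUID (8-4-4-4-12). Nothing is returned, and an
    error is written, when no matching certificate exists or the extension data is too short.

    .NOTES
    The lookup passes validOnly = $false and matches on the extension OID alone; issuer,
    chain and expiry are not verified, and the CurrentUser store can be written to by the
    logged-on user. Treat the result as informational, not as proof of enrolment or tenancy.
    #>

    # The short type names used below only resolve when
    # "using namespace System.Security.Cryptography.X509Certificates" is in effect.
    try
    {
        $null = [X509Store]::new([StoreName]::My, [StoreLocation]::LocalMachine)
    }
    # If not, register the required type accelerators for this session
    catch
    {
        $Accelerators = [PowerShell].Assembly.GetType("System.Management.Automation.TypeAccelerators")
        $Accelerators::Add("X509Certificate2","System.Security.Cryptography.X509Certificates.X509Certificate2")
        $Accelerators::Add("x509Store","System.Security.Cryptography.X509Certificates.X509Store")
        $Accelerators::Add("X509FindType","System.Security.Cryptography.X509Certificates.X509FindType")
        $Accelerators::Add("StoreName","System.Security.Cryptography.X509Certificates.StoreName")
        $Accelerators::Add("StoreLocation","System.Security.Cryptography.X509Certificates.StoreLocation")
        $Accelerators::Add("OpenFlags","System.Security.Cryptography.X509Certificates.OpenFlags")
    }

    # Find() takes the search value as an object, hence the explicit cast.
    [System.Object]$certExtension = "1.2.840.113556.5.6"

    # Check the LocalMachine store first; fall back to CurrentUser only if nothing was found.
    $certCollection = $null
    foreach ($location in [StoreLocation]::LocalMachine, [StoreLocation]::CurrentUser)
    {
        $x509Store = [X509Store]::new([StoreName]::My, $location)
        try
        {
            $x509Store.Open([OpenFlags]::ReadOnly)
            $certCollection = $x509Store.Certificates.Find([X509FindType]::FindByExtension, $certExtension, $false)
        }
        finally
        {
            # Release the store handle even when Open() or Find() throws.
            $x509Store.Close()
        }

        if ($certCollection.Count -gt 0)
        {
            break
        }
    }

    # Check we have a certificate
    if ($certCollection.Count -eq 0)
    {
        Write-Error "Intune Certificate not found"
        return
    }

    # Pick the certificate that expires last. X509Certificate2 exposes the expiry as
    # NotAfter; sorting on a property the object does not have leaves the order undefined.
    [X509Certificate2]$ActiveCert = $certCollection |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1

    $Extension = $ActiveCert.Extensions |
        Where-Object { $_.Oid.Value -eq $certExtension } |
        Select-Object -First 1

    # The first two bytes are skipped (presumably an ASN.1 tag/length header - confirm),
    # and the next 16 bytes hold the Id. Refuse anything shorter instead of indexing past the end.
    $RawData = $Extension.RawData
    if ($null -eq $RawData -or $RawData.Length -lt 18)
    {
        Write-Error "Intune certificate extension $certExtension is shorter than the 18 bytes expected"
        return
    }

    # Guid's byte-array constructor reads the first three groups little-endian and the
    # last eight bytes in order, which is the same reordering as swapping the bytes by hand.
    [byte[]]$GuidBytes = $RawData[2..17]
    return [guid]::new($GuidBytes).ToString().ToUpperInvariant()
}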
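# Example: write the tenant Id found in this device's Intune certificate to the pipeline.
# The trailing pipe character left over from the page rendering is dropped; a pipeline
# that ends in "|" does not parse.
Get-IntuneTenantId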