@awakecoding
Last active August 18, 2023 19:04
Get-ADCertificateAuthority.ps1
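```powershell
# Locate the forest's configuration partition from the RootDSE.
$ConfigurationDN = $([ADSI]"LDAP://RootDSE").ConfigurationNamingContext;
# Enterprise CAs publish a pKIEnrollmentService object in this container.
$SearchRoot = "LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigurationDN"
$SearchFilter = "(objectCategory=pkiEnrollmentService)"
# Results are collected in $EnrollmentServices; nothing is written to the pipeline.
$EnrollmentServices = @()
(New-Object adsiSearcher([ADSI]$SearchRoot,$SearchFilter)).FindAll() | ForEach-Object {
    $EnrollmentServices += [PSCustomObject] [hashtable] $_.Properties
}
```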

albert-widjaja commented Aug 11, 2023

Hi @awakecoding,
When I execute the code on my newly installed Windows 11 computer, nothing is returned. However, with this code, it works:

```powershell
$ConfigurationDN = $([ADSI]"LDAP://RootDSE").ConfigurationNamingContext;
$SearchRoot = "LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigurationDN"
$SearchFilter = "(objectCategory=pkiEnrollmentService)"

foreach ($CAEnrollService in (New-Object adsiSearcher([ADSI]$SearchRoot, $SearchFilter)).FindAll()) {
    $serviceProperties = [ordered]@{}
    foreach ($propName in 'Name CN DnsHostName'.Split()) {
        $serviceProperties[$propName] = $CAEnrollService.Properties[$propName] | Select-Object -First 1
    }

    [pscustomobject]$serviceProperties
}
```

@awakecoding
Author

@albert-widjaja do you have more than one CA? I wonder if that's the main difference.
