Script to retrieve AD CA issued certificates: Sort it 1


woter324

Hi,

I have the code below that I can point to my local Active Directory Certificate Authority and it will pull back expiring certificates, based on a set number of days. It works well; however, I am having difficulty sorting the output by $cert."Certificate Expiration Date" and it also seems to be coming out with US date format, rather than UK, as per the PC's local settings.

Code:
function get-ExpiringCerts ($duedays=60,$CAlocation="CAServer\Some Root CA") {
  $certs = @()
  $now = get-Date;
  $expirationdate = $now.AddDays($duedays)
  $CaView = New-Object -Com CertificateAuthority.View.1
  [void]$CaView.OpenConnection($CAlocation)
  $CaView.SetResultColumnCount(5)
  $index0 = $CaView.GetColumnIndex($false, "Issued Common Name")
  $index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
  $index2 = $CaView.GetColumnIndex($false, "Issued Email Address")
  $index3 = $CaView.GetColumnIndex($false, "Certificate Template")
  $index4 = $CaView.GetColumnIndex($false, "Request Disposition")
  $index0, $index1, $index2, $index3, $index4 | %{$CAView.SetResultColumn($_) }

  # CVR_SORT_NONE 0
  # CVR_SEEK_EQ  1
  # CVR_SEEK_LT  2
  # CVR_SEEK_GT  16


  $index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
  $CAView.SetRestriction($index1,16,0,$now)
  $CAView.SetRestriction($index1,2,0,$expirationdate)

  # brief disposition code explanation:
  # 9 - pending for approval
  # 15 - CA certificate renewal
  # 16 - CA certificate chain
  # 20 - issued certificates
  # 21 - revoked certificates
  # all other - failed requests
  $CAView.SetRestriction($index4,1,0,20)

  $RowObj= $CAView.OpenView() 

  while ($Rowobj.Next() -ne -1){
    $Cert = New-Object PsObject
    $ColObj = $RowObj.EnumCertViewColumn()
    [void]$ColObj.Next()
    do {
      $current = $ColObj.GetName()
      $Cert | Add-Member -MemberType NoteProperty $($ColObj.GetDisplayName()) -Value $($ColObj.GetValue(1)) -Force  
    } until ($ColObj.Next() -eq -1)
    Clear-Variable ColObj
    $datediff = New-TimeSpan -Start ($now) -End ($cert."Certificate Expiration Date")
    
       
    "Certificate " + $cert."Issued Common Name" + " will expire in " + $dateDiff.Days + " days at " + $cert."Certificate Expiration Date"
    #"Send email to : " + $cert."Issued Email Address"
    "------------------------"
  }
  $RowObj.Reset()
  $CaView = $null
  [GC]::Collect()
}

get-ExpiringCerts -duedays 365 -CAlocation "CAServer\Some Root CA"

I think I need to put sort-object at the beginning of the collection, however I have been unsuccessful.

If anyone could point me in the right direction, I'd be most grateful.

Many thanks

W.
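
One way to get the sorted, locally formatted output asked about above, as an added example that is not code from either poster: the report lines are built from objects that are sorted on the DateTime value and formatted with an explicit culture, because PowerShell string concatenation converts a DateTime with the invariant (US-style) culture. `Format-ExpiringCert` is a hypothetical helper name, and the sample rows are constructed stand-ins for the objects the `while` loop builds from the CA view.

```powershell
# Added example. Format-ExpiringCert is a hypothetical helper, not part of the original script.
function Format-ExpiringCert {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$Cert,
        [datetime]$Now = (Get-Date),
        [cultureinfo]$Culture = (Get-Culture)   # defaults to the PC's regional settings
    )
    begin { $rows = [System.Collections.Generic.List[psobject]]::new() }
    process {
        $expiry = $Cert.'Certificate Expiration Date'
        if ($expiry -isnot [datetime]) {
            # Skip rows without a usable date rather than failing the whole report
            Write-Warning "No expiry date for '$($Cert.'Issued Common Name')'"
            return
        }
        $rows.Add([pscustomobject]@{
            CommonName = $Cert.'Issued Common Name'
            Expires    = $expiry
            DaysLeft   = (New-TimeSpan -Start $Now -End $expiry).Days
        })
    }
    end {
        # Sort on the DateTime itself, never on its string form
        $rows | Sort-Object Expires | ForEach-Object {
            # 'g' = short date and time in the chosen culture (dd/MM/yyyy HH:mm for en-GB)
            $when = $_.Expires.ToString('g', $Culture)
            'Certificate {0} will expire in {1} days at {2}' -f $_.CommonName, $_.DaysLeft, $when
        }
    }
}

# Constructed sample rows (not real CA output), deliberately out of order, one with no date
$sample = @(
    [pscustomobject]@{ 'Issued Common Name' = 'web02.example.test';  'Certificate Expiration Date' = [datetime]'2025-09-14T10:00:00' }
    [pscustomobject]@{ 'Issued Common Name' = 'vpn01.example.test';  'Certificate Expiration Date' = [datetime]'2025-02-03T08:30:00' }
    [pscustomobject]@{ 'Issued Common Name' = 'mail01.example.test'; 'Certificate Expiration Date' = [datetime]'2025-05-21T16:45:00' }
    [pscustomobject]@{ 'Issued Common Name' = 'norow.example.test';  'Certificate Expiration Date' = $null }
)
$sample | Format-ExpiringCert -Now ([datetime]'2025-01-01') -Culture 'en-GB'
```

To use it with the script above, have the `while` loop output `$Cert` instead of the two strings, then pipe `get-ExpiringCerts` into `Format-ExpiringCert`.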
 
Hi,

How do I run this script?

I have copied the script and created a cascript.ps1 file and changed the $CAlocation="CAServer\Some Root CA" to the correct location and $duedays=365, though when I run it in PowerShell with ./cascript.ps1 it doesn't output anything....

Any help will be greatly appreciated. Thanks
 