Adds a certificate revocation list (CRL) to Active Directory.
Add-AdCertificateRevocationList [-CdpContainer] <DsCDPContainer> [-CertificateRevocationList] <X509CRL2> [[-HostName] <String>] [-Dispose] [<CommonParameters>]
Adds a certificate revocation list (CRL) to Active Directory. CRLs are stored in Active Directory under 'CN=CDP, CN=Public Key Services, CN=Services, {ConfigurationNamingContext}'. A subcontainer is created under the CDP container for each CA. The subcontainer name is usually the short or NetBIOS name of the CA server; custom names are supported. The subcontainer stores a CRL entry for each CA private key. Unlike other AD PKI containers, the contents of the CDP container are not propagated to clients and are used only when an explicit URL is specified in the certificate's CDP (CRL Distribution Points) extension.
-CdpContainer <DsCDPContainer>
Specifies the CDP container object to add the CRL to.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
-CertificateRevocationList <X509CRL2>
Specifies the certificate revocation list object to add.
Required? | True |
Position? | 1 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-HostName <String>
Specifies the subcontainer name, which is usually the short or NetBIOS name of the CA computer. This parameter can be omitted when the CRL includes the 'Published CRL Locations' CRL extension, which contains the exact path in Active Directory to publish to. If the CRL doesn't include the 'Published CRL Locations' CRL extension, this parameter is required, and omitting it throws an error.
Required? | False |
Position? | 2 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Dispose
Disposes the input AD container object. The AD container object holds an active reference to an LDAP object, and it is recommended to release the object when it is no longer needed to avoid memory leaks.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer
SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> $crl = Get-CRL -Path "c:\pki\contoso subca.crl"
PS C:\> Get-AdPkiContainer -ContainerType CDP | Add-AdCertificateRevocationList -CRL $crl -HostName "subca01" -Dispose
This command reads a CRL object from a file, retrieves the CDP container from Active Directory and writes the CRL to the CDP object. During object creation, a dedicated subcontainer named 'subca01' is created under the CDP container. After the operation completes, the input object (CDP container) is disposed.
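The -HostName rule described above can be checked before publishing, so the call never fails on a CRL that lacks the 'Published CRL Locations' extension. This is an added example, not part of the original help page or the module's own code; the file path and fallback name are placeholders, and it assumes the X509CRL2 object exposes an Extensions collection whose items carry Oid.Value.

```powershell
# Added example (not from the PSPKI documentation).
# Requires the PSPKI module and write access to the CDP container in AD.
Import-Module PSPKI

$crlPath          = 'C:\pki\contoso subca.crl'   # placeholder path
$fallbackHostName = 'subca01'                    # placeholder subcontainer name

# OID of the 'Published CRL Locations' CRL extension.
$publishedLocationsOid = '1.3.6.1.4.1.311.21.14'

$crl = Get-CRL -Path $crlPath

# Assumption: $crl.Extensions is a collection of X509Extension objects.
$hasPublishedLocations = [bool]($crl.Extensions |
    Where-Object { $_.Oid.Value -eq $publishedLocationsOid })

# Build the parameter set once; add -HostName only when the CRL itself
# does not say where in Active Directory it should be published.
$publishParams = @{
    CertificateRevocationList = $crl
    Dispose                   = $true   # release the LDAP-backed container afterwards
}
if ($hasPublishedLocations) {
    Write-Verbose 'CRL carries Published CRL Locations; -HostName omitted.'
}
else {
    Write-Verbose "No Published CRL Locations extension; using -HostName '$fallbackHostName'."
    $publishParams.HostName = $fallbackHostName
}

Get-AdPkiContainer -ContainerType CDP |
    Add-AdCertificateRevocationList @publishParams
```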
Get-AdPkiContainer
Remove-AdCertificateRevocationList
Add-AdCertificate
Remove-AdCertificate