Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Get-ADKRACertificate

[This command is not available in non-domain environments]

[This command requires Remote Server Administration Tools (RSAT) to be installed]

Synopsis

Retrieves all Key Recovery Agent (KRA) certificates published to Active Directory.

Syntax

Get-ADKRACertificate [[-Subject] <String>] [[-Issuer] <String>] [-ValidOnly] [-ShowUI] [<CommonParameters>]

Description

Retrieves all Key Recovery Agent (KRA) certificates published to Active Directory. This command must be used to retrieve the key recovery agent certificates that are then passed to the Add-CAKRACertificate command.

Parameters

-Subject <String>

Specifies a filter for the Subject field (distinguished name format). This parameter works in conjunction with other parameters.

This parameter accepts the following wildcard characters:
? -- for single wildcard character matching
* -- for multiple wildcard character matching

Required? False
Position? 0
Default value  
Accept pipeline input? false
Accept wildcard characters? True

-Issuer <String>

Specifies a filter for the Issuer field (distinguished name format). This parameter works in conjunction with other parameters.

This parameter accepts the following wildcard characters:
? -- for single wildcard character matching
* -- for multiple wildcard character matching

Required? False
Position? 1
Default value  
Accept pipeline input? false
Accept wildcard characters? True

-ValidOnly <SwitchParameter>

Specifies whether to return only valid certificates. A valid KRA certificate must meet the following requirements:

-- time valid
-- has valid certificate chain up to any trusted root
-- is not revoked
-- valid for 'Key Recovery Agent' application policy (enhanced key usage)

This parameter works in conjunction with other parameters.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-ShowUI <SwitchParameter>

Displays a certificate selection UI window. In this window you can select one or more KRA certificates to use.

This parameter works in conjunction with other parameters.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

None.

Outputs

System.Security.Cryptography.X509Certificates.X509Certificate2[]

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-ADKRACertificate

Returns all KRA certificates published to Active Directory without performing any certificate checking.

Example 2

PS C:\> Get-ADKRACertificate -Issuer "*MyCA*" -ValidOnly

Returns all valid KRA certificates issued by a CA server whose name (including DN suffixes) contains the string "MyCA".
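
Added example, not part of the original PSPKI documentation or the module's own code: an audit that lists every published KRA certificate together with the reason it would fail the -ValidOnly requirements described above. The helper name Test-KraCertificate is hypothetical, and the checks are an approximation built on .NET's X509Chain, not the cmdlet's internal logic.

```powershell
Import-Module PSPKI

function Test-KraCertificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        # 'Key Recovery Agent' application policy (enhanced key usage) OID
        $kraOid = New-Object System.Security.Cryptography.Oid '1.3.6.1.4.1.311.21.6'
    }
    process {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        try {
            # Online revocation checking: an unreachable CRL/OCSP endpoint is
            # reported as RevocationStatusUnknown and counts as a failure here.
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
            $chain.ChainPolicy.RevocationFlag =
                [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
            # Require the KRA application policy; a mismatch yields NotValidForUsage.
            [void]$chain.ChainPolicy.ApplicationPolicy.Add($kraOid)

            # Build() covers time validity, chaining to a trusted root,
            # revocation and the application policy in one pass.
            $ok = $chain.Build($Certificate)

            [pscustomobject]@{
                Valid      = $ok
                Subject    = $Certificate.Subject
                Issuer     = $Certificate.Issuer
                NotAfter   = $Certificate.NotAfter
                Thumbprint = $Certificate.Thumbprint
                Problems   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            }
        }
        finally {
            $chain.Reset()
        }
    }
}

# Failing certificates sort first so stale or revoked KRA entries stand out.
Get-ADKRACertificate |
    Test-KraCertificate |
    Sort-Object Valid, NotAfter |
    Format-Table Valid, Subject, NotAfter, Problems -AutoSize
```

Certificates reported with Valid = False are the ones that "Get-ADKRACertificate -ValidOnly" is documented to filter out; review them before assigning any KRA certificate to a CA.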

Related links

Get-CAKRACertificate
Add-CAKRACertificate
Remove-CAKRACertificate
Set-CAKRACertificate

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
