Retrieves all published to Active Directory Key Recovery Agents (KRA) certificates.
Get-ADKRACertificate [[-Subject] <String>] [[-Issuer] <String>] [-ValidOnly] [-ShowUI] [<CommonParameters>]
Retrieves all published to Active Directory Key Recovery Agents (KRA) certificates. This command must be used to retrieve key recovery agent certificates for Add-CAKRACertificate command purposes.
Specifies a filter for Subject field (distinguished name format). This parameter works in conjunction with other parameters.
This parameter accepts the following wildcard characters:
? -- for single wildcard character matching
* -- for multiple wildcard character matching
Required? | False |
Position? | 0 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | True |
Specifies a filter for Issuer field (distinguished name format). This parameter works in conjunction with other parameters.
This parameter accepts the following wildcard characters:
? -- for single wildcard character matching
* -- for multiple wildcard character matching
Required? | False |
Position? | 1 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | True |
Specifies whether to return only valid certificates. Valid KRA certificate must conform the following requirements:
-- time valid
-- has valid certificate chain up to any trusted root
-- is not revoked
-- valid for 'Key Recovery Agent' application policy (enhanced key usage)
This parameter works in conjunction with other parameters.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
Displays a certificate pickup UI window. By using this window you can select one or more KRA certificates to use.
This parameter works in conjunction with other parameters.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
None.
System.Security.Cryptography.X509Certificates.X509Certificate2[]
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-ADKRACertificate
Returns all published to Active Directory KRA certificates without performing any certificate checking.
PS C:\> Get-ADKRACertificate -Issuer "*MyCA*" -ValidOnly
Returns all valid KRA certificates issued by a CA server which name (including DN suffixes) contains "MyCA" string.
Get-CAKRACertificate
Add-CAKRACertificate
Remove-CAKRACertificate
Set-CAKRACertificate