Retrieves Active Directory Certificate Services (AD CS) management and request interface flags.
Get-InterfaceFlag [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]
Retrieves Active Directory Certificate Services (AD CS) management and request interface flags.
Management interface is implemented in ICertAdmin and request interface is implemented in ICertRequest. By using this (and related commands, such Enable-InterfaceFlag and Disable-InterfaceFlag) you can limit these interface usage. For example you can prevent AD CS remote management with ICertAdmin interface and allow AD CS management only locally.
Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
PKI.CertificateServices.CertificateAuthority
PKI.CertificateServices.Flags.InterfaceFlag
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-CertificationAuthority -name "company-CA1" | Get-InterfaceFlag
Returns 'company-CA1' CA server management and enrollment interface settings.
PS C:\> Get-CertificationAuthority | Get-InterfaceFlag
Returns management and enrollment interface settings for all Enterprise CA servers in the current Active Directory forest.
PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoLocalIcertRequest" -RestartCA
This example removes local enrollment restriction for "company-CA01" CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.
PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoRemoteICertAdminBackup" -RestartCA
This example removes remote backup restrictions for all Enterprise CAs in the current Active Directory forest. After the configuration is changed, the command will restart certificate services to immediately apply changes.
PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "NoRemoteIcertAdmin", "NoRemoteICertAdminBackup" -RestartCA
This example restricts "company-CA01" CA server remote management and remote backup operations. After the configuration is changed, the command will restart certificate services to immediately apply changes.
PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "EnableAdminAsAuditor" -RestartCA
This example grants CA Administrators CA Auditor role for all Enterprise CAs in the current forest. After the configuration is changed, the command will restart certificate services to immediately apply changes.
Get-CertificationAuthority
Connect-CertificationAuthority
Enable-InterfaceFlag
Disable-InterfaceFlag
Restore-InterfaceFlagDefault