Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://pspki.codeplex.com/

Remove-DatabaseRow

Remove-DatabaseRow

Synopsis

Removes CA database rows individually or in a bulk based on removal filter.

Syntax

Remove-DatabaseRow -Request <Object> [<CommonParameters>]

Remove-DatabaseRow -CertificationAuthority <CertificateAuthority[]> [-Filter <String> {ExpiredCerts | ExpiredFailedPending | Request | CRL} ] -RemoveBefore <DateTime> [<CommonParameters>]

Description

Removes CA database rows individually or in a bulk based on removal filter. This command is mainly used to reduce CA database size by removing old and unnecessary database rows.

Hint: when you remove large number of database rows, it is recommended to perform a full CA database backup and restore to efficiently re-allocate disk space and update database log files.

Parameters

-Request <Object>

Specifies the request row object to remove from database.

Note: removal for database row objects that represent 'Attribute' or 'Extension' table is not supported. When database row from 'Request' table is removed, corresponding entries in 'Attribute' and 'Extension' tables are removed by CA server internally.

Required? True
Position? named
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-Filter <String>

Specifies the filter that is used to determine the type of database rows to be deleted. This parameter works in conjunction with 'RemoveBefore' and 'CertificationAuthority' parameters. The following filters are available:
ExpiredCerts -- removes issued and revoked certificates that expired (based on NotAfter field value) before the date specified in the 'RemoveBefore' parameter.
ExpiredFailedPending -- removes issued and revoked certificates that were last modified before the date specified in the 'RemoveBefore' parameter.
Request -- combines previous two filters.
CRL -- removes published CRLs that expired (base on NextPublish field value) before the date specified in the 'RemoveBefore' parameter.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-CertificationAuthority <CertificateAuthority[]>

Specifies the certification authority to process. This parameter works in conjunction with 'Filter' and 'RemoveBefore' parameters.

Required? True
Position? named
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-RemoveBefore <DateTime>

Specifies an expiration date when deleting certificates or CRLs, and a last modified date when deleting certificate requests. This parameter has no effect when you pass individual row objects.

Warning: if this parameter is not set, the command will remove all database rows specified by a filter! Think twice!

Required? True
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.DB.RequestRow

PKI.CertificateServices.CertificateAuthority

Outputs

None.

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-PendingRequest -RequestID 15,63,112 | Remove-DatabaseRow

In this example, pending requests with RequestID equals to 15, 63 and 112 will be removed from CA database.

Example 2

PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-FailedRequest | Remove-DatabaseRow

This command will remove all failed request. Other request types and tables will be untouched.

Example 3

PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-DatabaseRow -Filter "Request" -RemoveBefore $((Get-Date).AddYears(-1))
PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-DatabaseRow -Filter "CRL" -RemoveBefore $((Get-Date).AddYears(-1))

In this example, two commands are used to perform a full CA database cleanup. All certificate reuqests and CRLs that expired (or last modified for pending and failed requests) one year ago.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-RevokedRequest
Get-IssuedRequest
Get-PendingRequest
Get-FailedRequest
Get-DatabaseRow

PowerShell Support

  • PowerShell 3.0

Operating System Support

Comments:

Captcha