Removes CA database rows individually or in a bulk based on removal filter.
Remove-AdcsDatabaseRow -Request <Object> [<CommonParameters>] Remove-AdcsDatabaseRow -CertificationAuthority <CertificateAuthority[]> [-Filter <String> {ExpiredCerts | ExpiredFailedPending | Request | CRL} ] -RemoveBefore <DateTime> [<CommonParameters>]
Removes CA database rows individually or in a bulk based on removal filter. This command is mainly used to reduce CA database size by removing old and unnecessary database rows.
Hint: when you remove large number of database rows, it is recommended to perform a full CA database backup and restore to efficiently re-allocate disk space and update database log files.
Specifies the request row object to remove from database.
Note: removal for database row objects that represent 'Attribute' or 'Extension' table is not supported. When database row from 'Request' table is removed, corresponding entries in 'Attribute' and 'Extension' tables are removed by CA server internally.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
Specifies the filter that is used to determine the type of database rows to be deleted. This parameter works in conjunction with 'RemoveBefore' and 'CertificationAuthority' parameters. The following filters are available:
ExpiredCerts -- removes issued and revoked certificates that expired (based on NotAfter field value) before the date specified in the 'RemoveBefore' parameter.
ExpiredFailedPending -- removes issued and revoked certificates that were last modified before the date specified in the 'RemoveBefore' parameter.
Request -- combines previous two filters.
CRL -- removes published CRLs that expired (base on NextPublish field value) before the date specified in the 'RemoveBefore' parameter.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
Specifies the certification authority to process. This parameter works in conjunction with 'Filter' and 'RemoveBefore' parameters.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
Specifies an expiration date when deleting certificates or CRLs, and a last modified date when deleting certificate requests. This parameter has no effect when you pass individual row objects.
Warning: if this parameter is not set, the command will remove all database rows specified by a filter! Think twice!
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow
PKI.CertificateServices.CertificateAuthority
None.
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-PendingRequest -RequestID 15,63,112 | Remove-AdcsDatabaseRow
In this example, pending requests with RequestID equals to 15, 63 and 112 will be removed from CA database.
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-FailedRequest | Remove-AdcsDatabaseRow
This command will remove all failed request. Other request types and tables will be untouched.
PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-AdcsDatabaseRow -Filter "Request" -RemoveBefore $((Get-Date).AddYears(-1)) PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-AdcsDatabaseRow -Filter "CRL" -RemoveBefore $((Get-Date).AddYears(-1))
In this example, two commands are used to perform a full CA database cleanup. All certificate reuqests and CRLs that expired (or last modified for pending and failed requests) one year ago.
Get-CertificationAuthority
Connect-CertificationAuthority
Get-RevokedRequest
Get-IssuedRequest
Get-PendingRequest
Get-FailedRequest
Get-AdcsDatabaseRow