Removes a certificate revocation list (CRL) from Active Directory.
Remove-AdCertificateRevocationList -CdpContainer <DsCDPContainer> -CertificateRevocationList <DsCrlEntry[]> [-ForceDelete] [-Dispose] [<CommonParameters>]
Remove-AdCertificateRevocationList -CdpContainer <DsCDPContainer> -Thumbprint <String[]> [-ForceDelete] [-Dispose] [<CommonParameters>]
-CdpContainer <DsCDPContainer>
Specifies the CDP container object to remove the CRL from.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
-CertificateRevocationList <DsCrlEntry[]>
Specifies one or more CRL entries to remove. The parameter objects come from the 'RevocationLists' property of the CDP container.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-ForceDelete
Deletes the associated Active Directory entry when all CRL objects are removed from the container. This keeps Active Directory in a cleaner state by removing empty objects. This parameter deletes only empty CRL entries; it does not delete empty containers.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Dispose
Disposes the input AD container object. The AD container object holds an active reference to an LDAP object, so it is recommended to release the object when it is no longer needed to avoid memory leaks.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Thumbprint <String[]>
Specifies an array of strings that represent the thumbprints of the CRLs to remove. All CRLs with a matching thumbprint are deleted from the Active Directory CDP container.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer
SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -Thumbprint "1C4BF393320A6C70D5C506AF9F422950B0C11EAB6273132C9B326438AB1C0929", "17FCB3E67512017E4611FBA9052164031F1D873F800E613A96AC09F77D269349" -Dispose -ForceDelete
This command retrieves the CDP container from Active Directory and removes all CRLs with the specified thumbprints. If a particular CDP entry in Active Directory is left empty, it is deleted. After the operation completes, the input object (CDP container) is disposed.
PS C:\> $cdp = Get-AdPkiContainer -ContainerType CDP
PS C:\> $entries = $cdp.RevocationLists | Where-Object {$_.HostName -eq "subca01"}
PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -CRL $entries -Dispose -ForceDelete
The first line retrieves the CDP container from Active Directory. The second line selects all CRL entries for the "subca01" host name in the specified container. The third line removes the selected entries from the CDP container and deletes empty CDP entries from Active Directory. After the operation completes, the input object (CDP container) is disposed.
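An added example, not part of the original documentation: it writes the CRL entries for one CA host to a CSV file before removing them, and pipes the same container object the entries were read from so that only one LDAP reference is opened and released. The function name, the CSV path, the PSPKI module name in the #Requires line and the Dispose() method call are assumptions.

```powershell
#Requires -Modules PSPKI
# Added example: record, then remove, every CRL entry published by one CA host.
function Remove-CrlEntriesForHost {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$HostName,   # CA host name, e.g. "subca01"
        [Parameter(Mandatory)] [string]$AuditPath   # hypothetical CSV path for the record
    )

    # Bind the CDP container once; it holds a live reference to the LDAP object.
    $cdp = Get-AdPkiContainer -ContainerType CDP

    # @() guarantees an array even when zero or one entry matches.
    $entries = @($cdp.RevocationLists | Where-Object { $_.HostName -eq $HostName })

    if ($entries.Count -eq 0) {
        # -CertificateRevocationList is required, and an empty array would fail
        # parameter binding, so stop here instead of calling the cmdlet.
        Write-Warning "No CRL entries found for host '$HostName'; nothing removed."
        # Assumption: the container exposes Dispose(), as the -Dispose switch implies.
        $cdp.Dispose()
        return
    }

    # Keep a record of what is about to be deleted from Active Directory.
    $entries | Export-Csv -Path $AuditPath -NoTypeInformation
    Write-Verbose "Removing $($entries.Count) CRL entries for '$HostName'."

    # Pipe the same container the entries came from, delete directory entries
    # that end up empty, and release the LDAP reference afterwards.
    $cdp | Remove-AdCertificateRevocationList -CertificateRevocationList $entries -ForceDelete -Dispose
}

# Constructed sample call; "subca01" is the host name used in the example above.
Remove-CrlEntriesForHost -HostName "subca01" -AuditPath ".\removed-crl-entries.csv" -Verbose
```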
Get-AdPkiContainer
Add-AdCertificateRevocationList
Add-AdCertificate
Remove-AdCertificate