List AD domain controller LDAPS certificates

Kerberos uses certificates to encrypt communication between the Kerberos client and the Kerberos Key Distribution Center (KDC). If your domain controllers use a certificate for the KDC, you can list those certificates by running this script:

First, the script lists all the domain controllers in the Active Directory forest and sorts them by domain name. It then lists the certificates on each domain controller that have the enhanced key usage “KDC Authentication” (1.3.6.1.5.2.3.5).
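An added example (not the author's original script) of the two steps described above: enumerate the forest's domain controllers, then report the certificates in each one's machine store that carry the KDC Authentication EKU. It assumes the RSAT ActiveDirectory module, PowerShell remoting enabled on the domain controllers, and an account allowed to read `Cert:\LocalMachine\My` on them; the report column names are illustrative.

```powershell
# Added example, not the original post's script.
# Assumptions: RSAT ActiveDirectory module, WinRM remoting enabled on the DCs,
# and an account allowed to read Cert:\LocalMachine\My on each of them.
Import-Module ActiveDirectory

$kdcAuthOid = '1.3.6.1.5.2.3.5'   # "KDC Authentication" EKU named in the text

# Step 1: every domain controller in the forest, sorted by domain name.
$dcs = foreach ($domain in ((Get-ADForest).Domains | Sort-Object)) {
    Get-ADDomainController -Filter * -Server $domain | Sort-Object HostName
}

# Step 2: query each DC's machine store for certificates with that EKU.
$report = foreach ($dc in $dcs) {
    $params = @{ ComputerName = $dc.HostName; ArgumentList = $kdcAuthOid; ErrorAction = 'Stop' }
    try {
        $certs = @(Invoke-Command @params -ScriptBlock {
            param($oid)
            Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
                # Collect this certificate's EKU OIDs and look for ours.
                $ekuOids = $_.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                    ForEach-Object { $_.EnhancedKeyUsages } |
                    ForEach-Object { $_.Value }
                $ekuOids -contains $oid
            } | Select-Object Subject, Issuer, Thumbprint, NotAfter
        })
        $status = if ($certs.Count) { 'OK' } else { 'No KDC Authentication certificate' }
    } catch {
        $certs  = @()
        $status = "Query failed: $($_.Exception.Message)"
    }
    if (-not $certs.Count) { $certs = @($null) }   # still emit one row for this DC
    foreach ($cert in $certs) {
        [pscustomobject]@{
            Domain           = $dc.Domain
            DomainController = $dc.HostName
            Status           = $status
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            Thumbprint       = $cert.Thumbprint
            NotAfter         = $cert.NotAfter
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Domain controllers that cannot be reached or that hold no matching certificate still appear in the output, with the reason in the `Status` column, so gaps in coverage are visible rather than silently skipped.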
