List duplicated valid certificates on a MS PKI

List duplicated valid certificates on a MS PKI

List duplicated valid certificates on a MS PKI

The following script will give you the possibility to list the valid certificates on your Active Directory PKI that are duplicated. By “duplicated”, I mean at least two valid certificates for the same Common Name.

New versions of this script are available here and here.

The PKI powershell cmdlet used for this script are member of the Powershell module PSPKI that can downloaded here
This useful module offers a lot of cmdlets to manage your Microsoft PKI. Some examples:
Add-AuthorityInformationAccess (Alias: Add-AIA)
Add-CAAccessControlEntry (Alias: Add-CAACL)
Add-CAKRACertificate
Add-CATemplate
Add-CertificateEnrollmentPolicyService
Add-CertificateEnrollmentService
Add-CertificateTemplateAcl
Add-CRLDistributionPoint (Alias: Add-CDP)
Add-ExtensionList
Approve-CertificateRequest
Connect-CertificationAuthority (Alias: Connect-CA)
Convert-PemToPfx
Convert-PfxToPem
Deny-CertificateRequest
Disable-CertificateRevocationListFlag (Alias: Disable-CRLFlag)
Disable-InterfaceFlag
Disable-KeyRecoveryAgentFlag (Alias: Disable-KRAFlag)
Disable-PolicyModuleFlag
Enable-CertificateRevocationListFlag (Alias: Enable-CRLFlag)
Enable-InterfaceFlag
Enable-KeyRecoveryAgentFlag (Alias: Enable-KRAFlag)
Enable-PolicyModuleFlag
Get-ADKRACertificate
Get-AuthorityInformationAccess (Alias: Get-AIA)
Get-CACryptographyConfig
Get-CAExchangeCertificate
Get-CAKRACertificate
Get-CASchema
Get-CASecurityDescriptor (Alias: Get-CAACL)
Get-CATemplate
Get-CertificateContextProperty
Get-CertificateRequest
… and more here

The script has been successfully tested on a Microsoft PKI running on a Windows 2012R2 Server Standard edition

<>

My Powershell script categories

Leave a Reply

Your email address will not be published. Required fields are marked *