I needed to report which certificate templates exist in the forest, along with each template's OID.

All certificate template information is stored in Active Directory. Because templates are configuration shared by the whole forest, they live in the Configuration partition (the Configuration naming context), under CN=Certificate Templates,CN=Public Key Services,CN=Services. Two things are worth knowing before reading it: the Configuration partition is readable by Authenticated Users by default, so none of this needs elevated rights, and the template OID (msPKI-Cert-Template-OID) is the value an issued certificate carries in its Certificate Template Information extension, so it is what ties a certificate back to the template it was issued from.

The simplest way to get at this from PowerShell is the [ADSI] type accelerator (the ADSI moniker), which binds directly to an LDAP path and needs no extra modules.

The two lines below read the Configuration naming context from RootDSE and bind to the Certificate Templates container:

$ConfigContext = ([ADSI]"LDAP://RootDSE").ConfigurationNamingContext 
$ADSI = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext"

The nice thing about the DirectoryEntry we have just bound to is that its Children property enumerates every object in the container, so pulling back all of the templates is easy.

I thought the simplest form of this would be:

$ADSI.Children | Sort-Object Name | Select-Object DisplayName, Name, msPKI-Cert-Template-OID

Unfortunately, that is not quite what I wanted. The output looked right, but each column came back as a "Collection", specifically a System.DirectoryServices.PropertyValueCollection, rather than a plain value. Every attribute on a DirectoryEntry is exposed that way, so Select-Object hands back the collections instead of strings, which makes the result awkward to export or compare. (Each collection exposes its underlying value through its Value property, so unwrapping them by hand is possible.) It was close, but it needed a little more code.

Rather than unwrap the collections, I took the easy way out: call back into AD with each template's distinguishedName using Get-ADObject (from the ActiveDirectory module), which returns the attributes as plain values on an object. Here is what I ended up with.

# Requires the ActiveDirectory module (RSAT) for Get-ADObject
$ConfigContext = ([ADSI]"LDAP://RootDSE").ConfigurationNamingContext
$ADSI = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext"
$templates = $ADSI.Children | Sort-Object Name | ForEach-Object {
    # Re-read each template by DN so the attributes come back as plain values.
    # -Properties * already includes msPKI-Cert-Template-OID; it is listed explicitly
    # only to make the attribute of interest obvious.
    Get-ADObject $_.distinguishedName.ToString() -Properties msPKI-Cert-Template-OID, *
}

Having gone back into AD with a cmdlet that returns real objects, the data is now a plain PowerShell object that I can sort, filter and export for reporting or follow-up.
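For a report that is actually useful from a security point of view, the script below is an added example and not the code from the post above. It stays on plain ADSI (no ActiveDirectory module), unwraps each PropertyValueCollection into a flat object, decodes two template flags whose bit values come from the MS-CRTD specification (CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT in msPKI-Certificate-Name-Flag and CT_FLAG_PEND_ALL_REQUESTS in msPKI-Enrollment-Flag), and looks up which CA publishes each template from the pKIEnrollmentService objects under CN=Enrollment Services. The function and variable names are my own, and it assumes a domain-joined machine that can reach a domain controller.

```powershell
# Added example, not from the original post. Enumerates certificate templates with
# plain ADSI (no ActiveDirectory module required) on a domain-joined machine that
# can reach a DC, flattening each PropertyValueCollection into a plain object.

# Flag bit values as defined in MS-CRTD.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001   # msPKI-Certificate-Name-Flag
$CT_FLAG_PEND_ALL_REQUESTS         = 0x00000002   # msPKI-Enrollment-Flag: CA manager approval

function Get-AdsiValue {
    # Every attribute on a DirectoryEntry is a PropertyValueCollection; this returns
    # $null when unset, the scalar for single-valued attributes, an array otherwise.
    param(
        [System.DirectoryServices.DirectoryEntry]$Entry,
        [string]$Attribute
    )
    $values = @($Entry.Properties[$Attribute])
    switch ($values.Count) {
        0       { return $null }
        1       { return $values[0] }
        default { return $values }
    }
}

function Get-CertificateTemplateReport {
    $configContext = ([ADSI]"LDAP://RootDSE").ConfigurationNamingContext
    $pkiServices   = "CN=Public Key Services,CN=Services,$configContext"

    # A template only matters once a CA publishes it: each pKIEnrollmentService
    # object's certificateTemplates attribute lists the template names it offers.
    $publishedBy = @{}
    $enrollmentServices = [ADSI]"LDAP://CN=Enrollment Services,$pkiServices"
    foreach ($ca in $enrollmentServices.Children) {
        $caName = Get-AdsiValue $ca 'cn'
        foreach ($templateName in $ca.Properties['certificateTemplates']) {
            if (-not $publishedBy.ContainsKey($templateName)) { $publishedBy[$templateName] = @() }
            $publishedBy[$templateName] += $caName
        }
    }

    $templates = [ADSI]"LDAP://CN=Certificate Templates,$pkiServices"
    foreach ($t in $templates.Children) {
        $name      = Get-AdsiValue $t 'cn'
        # Missing attributes (e.g. on v1 templates) come back as $null, which [int] turns into 0.
        $nameFlags = [int](Get-AdsiValue $t 'msPKI-Certificate-Name-Flag')
        $enrolFlag = [int](Get-AdsiValue $t 'msPKI-Enrollment-Flag')
        [PSCustomObject]@{
            Name                    = $name
            DisplayName             = Get-AdsiValue $t 'displayName'
            TemplateOID             = Get-AdsiValue $t 'msPKI-Cert-Template-OID'
            SchemaVersion           = Get-AdsiValue $t 'msPKI-Template-Schema-Version'
            # Who controls the subject name, and whether a CA manager must approve issuance:
            # the two settings a reviewer checks first on any published template.
            EnrolleeSuppliesSubject = [bool]($nameFlags -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)
            ManagerApproval         = [bool]($enrolFlag -band $CT_FLAG_PEND_ALL_REQUESTS)
            AuthorizedSignatures    = Get-AdsiValue $t 'msPKI-RA-Signature'
            ExtendedKeyUsage        = (@($t.Properties['pKIExtendedKeyUsage']) -join ';')
            PublishedBy             = (@($publishedBy[$name]) -join ';')
        }
    }
}

Get-CertificateTemplateReport |
    Sort-Object Name |
    Format-Table Name, TemplateOID, EnrolleeSuppliesSubject, ManagerApproval, PublishedBy -AutoSize
```

Run it as an ordinary domain user: because the Configuration partition is readable by Authenticated Users, this enumeration is available to anyone on the domain, which is worth remembering when you look at which templates are published with EnrolleeSuppliesSubject set and ManagerApproval off. The same object pipes into ConvertTo-Csv and Set-Clipboard exactly like the examples that follow.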

Example – Dump it out to the screen

$templates | Select-Object DisplayName, Name, msPKI-Cert-Template-OID


Example – Send it to the clipboard so that I can paste it into excel

$templates | Select-Object DisplayName, Name, msPKI-Cert-Template-OID | ConvertTo-Csv -Delimiter `t -NoTypeInformation | Set-Clipboard


Hope some of the code and examples help with your projects.