17 changes: 12 additions & 5 deletions ADCSTemplate.psm1
@@ -238,6 +238,8 @@ Function Get-RandomHex {
Publish the template to *ALL* Certificate Authority issuers. Use with caution
in production environments. You may want to manually publish to only specific
Certificate Authorities in production. In a lab this is ideal.
.PARAMETER PublishOn
String with a Certificate Authority name. Publish the template to this specific Certificate Authority.
.NOTES
This function does not use the official (complicated) API for PKI management.
Instead it creates the exact same AD objects that are generated by the API,
@@ -271,7 +273,9 @@ Function Get-RandomHex {
[string]$Server = (Get-ADDomainController -Discover -ForceDiscover -Writable).HostName[0],
[string[]]$Identity, # = "$((Get-ADDomain).NetBIOSName)\Domain Computers",
[switch]$AutoEnroll,
[switch]$Publish
[switch]$Publish,
[string]$PublishOn

)
### Put GroupName and AutoEnroll into a parameter set

@@ -358,12 +362,15 @@ Function Get-RandomHex {
#endregion

#region ISSUE
If ($Publish) {
### WARNING: Issues on all available CAs. Test in your environment.
If (($Publish) -or ($PSBoundParameters.ContainsKey('PublishOn'))) {
### WARNING: Publishes the template on all available CAs if $Publish is set. Test in your environment.
$EnrollmentPath = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigNC"
$CAs = Get-ADObject -SearchBase $EnrollmentPath -SearchScope OneLevel -Filter * -Server $Server
ForEach ($CA in $CAs) {
Set-ADObject -Identity $CA.DistinguishedName -Add @{certificateTemplates=$DisplayName.Replace(' ','')} -Server $Server
$CAName = ($CA -split ",")[0].Substring(3)
If (($Publish) -or ($CAName -eq $PublishOn)) {
Set-ADObject -Verbose -Identity $CA.DistinguishedName -Add @{certificateTemplates=$DisplayName.Replace(' ','')} -Server $Server
}
}
}
#endregion
@@ -467,4 +474,4 @@ Function Get-RandomHex {


Export-ModuleMember -Function *-ADCS*
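Review bot: In the ISSUE region, passing both `-Publish` and `-PublishOn` still publishes the template on every CA, because the inner test `($Publish) -or ($CAName -eq $PublishOn)` lets `$Publish` win; a caller who named one CA to limit where the template can be enrolled silently gets the broad behaviour. Reject the combination before the loop (or put the two parameters in separate parameter sets), e.g. `If ($Publish -and $PSBoundParameters.ContainsKey('PublishOn')) { Throw '-Publish and -PublishOn are mutually exclusive' }`. A `-PublishOn` value that matches no enrollment service is likewise a silent no-op, so a `Write-Warning` when no CA matched would make a typo visible. The name is derived with `($CA -split ",")[0].Substring(3)`, which depends on the object's string form and breaks on a CA name containing an escaped comma; `$CA.Name` should give the same value directly. The enclosing function begins and ends outside the visible hunks, so how `$PublishOn` is used elsewhere cannot be checked from here.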