Posts Tagged 'EFS'

Clean up expired certificates from AD

Published August 24, 2011 Active Directory , AD , AD cmdlets , Certificate Authority , Certificate Management , Certificates , one-liner , PKI , PowerShell Comments
Tags: , , , , , , ,

Security MVP Vadims Podans just did a great post on using PowerShell to remove expired user certificates from Active Directory.

In a nutshell,

  • If your company is using certificates for user authentication or encryption, these expire every now and then,
  • Your Enterprise CA in that case appends new certificates to users’ userCertificate attribute, while leaving expired certs there as well,
  • Over time these increasingly clutter your AD, making administration more difficult and negatively affecting AD replication traffic.

Luckily, cleaning up expired certificates with PowerShell is extremely easy.

To do the clean-up for a specific user you can run this one-liner:

Get-QADUser username | Remove-QADCertificate -Valid:$false

To clean-up the entire domain, just do:

Get-QADUser | Remove-QADCertificate -Valid:$false

See Vadim’s original post for details.

Read more about PKI management with PowerShell here.

Advertisement

 Subscribe in a reader

Subscribe by email

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

May 2023
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  
%d bloggers like this: