Powershell: Certificates report from servers in Domain


The script at a high level:
1. load AD computers from the domain with DNS name, operating system and IPv4 address
2. load certificates from the CurrentUser certificate store on each remote server (with PowerShell remoting this is the store of the account that runs the script, not of other users on that server)
3. load certificates from the LocalMachine certificate store on each remote server
4. check for null values
5. create psobject "$cert_object" and set properties
6. export array to CSV file

Preview of code:

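# Certificate inventory for domain servers.
#
# For every AD computer whose name matches 'server*', list the certificates in
# the remote CurrentUser and LocalMachine stores whose Issuer matches
# $issuer_filter, and export one CSV row per certificate. Servers that could
# not be queried, or that returned no matching certificate, get a single row
# filled with "unable to read".
#
# NOTE: Invoke-Command runs the script block under the account that opens the
# remoting session, so Cert:\CurrentUser is that account's store on the remote
# host, not the store of other users of that server.
# NOTE: the Issuer filter is a plain wildcard match on the issuer name string.
# That is fine for an inventory, but it is not evidence that a certificate
# actually chains to that CA.

$output_file = "exporeted_certificates.csv"

# Wildcard applied to each certificate's Issuer string on the remote host.
$issuer_filter = "*CN=issuer_name*"

# Builds one report row for $Server. When $Certificate is $null the
# certificate columns are filled with the "unable to read" placeholder.
function New-CertificateReportRow {
    param($Server, $Certificate)

    $unreadable = "unable to read"
    $row = @{
        'DNSHostName'     = $Server.DNSHostName
        'OperatingSystem' = $Server.OperatingSystem
        'IP address'      = $Server.IPv4Address
        'Issuer'          = $unreadable
        'Subject'         = $unreadable
        'SerialNumber'    = $unreadable
        'PSParentPath'    = $unreadable
    }
    if ($null -eq $Server.DNSHostName) {
        $row['DNSHostName'] = $unreadable
    }
    if ($null -ne $Certificate) {
        $row['Issuer']       = $Certificate.Issuer
        $row['Subject']      = $Certificate.Subject
        $row['SerialNumber'] = $Certificate.SerialNumber
        $row['PSParentPath'] = $Certificate.PSParentPath
    }
    New-Object -TypeName psobject -Property $row
}

# Request only the attributes the report uses instead of -Properties *.
# @() keeps $servers an array when the filter matches zero or one computer,
# so .Count is always a usable number.
$servers = @(Get-ADComputer -Filter {Name -like 'server*'} -Properties DNSHostName,OperatingSystem,IPv4Address |
    Select-Object DNSHostName,OperatingSystem,IPv4Address)

$processed = 0

# Rows are collected from the loop's output rather than appended with +=,
# which copies the whole array on every addition.
$output2 = @(foreach ($server in $servers) {
    # The loop body only runs when $servers.Count is at least 1, so the
    # division cannot hit zero.
    $percent_complete = [int][math]::Floor(100 * $processed / $servers.Count)
    Write-Progress -Activity "server $($server.DNSHostName) of $($servers.Count)" -PercentComplete $percent_complete
    $processed++

    # No DNS name means there is nothing to connect to.
    if ($null -eq $server.DNSHostName) {
        New-CertificateReportRow -Server $server -Certificate $null
        continue
    }

    # Start from an empty array for every server so results never leak from
    # the previous iteration.
    $certificates_per_server = @()

    if ($server.OperatingSystem -like 'Windows Server 20*') {
        # One remoting session reads both stores. The result is wrapped in @()
        # because a single returned object is not an array, and the original
        # "+=" of two single objects fails with a missing op_Addition error.
        # A connection failure is reported by Invoke-Command as an error and
        # leaves the array empty.
        $certificates_per_server = @(Invoke-Command -ComputerName $server.DNSHostName -ArgumentList $issuer_filter -ScriptBlock {
            param($issuer)
            Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse |
                Where-Object { $_.Issuer -like $issuer } |
                Select-Object PSParentPath,Issuer,Subject,SerialNumber
        })
    }

    if ($certificates_per_server.Count -eq 0) {
        # Covers three cases the report does not distinguish: the OS did not
        # match, the host could not be queried, or no certificate matched.
        New-CertificateReportRow -Server $server -Certificate $null
    }
    else {
        foreach ($item in $certificates_per_server) {
            New-CertificateReportRow -Server $server -Certificate $item
        }
    }
})

# -Encoding Default is the system ANSI code page in Windows PowerShell, so
# characters outside that code page in Subject/Issuer may not survive.
$output2 | Export-Csv $output_file -Encoding Default -Delimiter ";"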
