Public/Get-CertificateOverview.ps1
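<#
    .SYNOPSIS
        Returns certificate counts (total, expired, near-expired) and the event record count
        for a certificate-related event log channel.

    .DESCRIPTION
        Recursively enumerates every leaf item under the given certificate provider path and
        returns one object with four properties:
          allCount         - number of leaf items found under -path
          expiredCount     - items whose NotAfter is earlier than now
          nearExpiredCount - items whose NotAfter is later than now but earlier than
                             now + nearlyExpiredThresholdInDays
          eventCount       - sum of RecordCount over the event logs matching -channel

        Enumeration and event-log errors are suppressed (SilentlyContinue / empty catch), so a
        store or log that cannot be read contributes nothing. Treat the counts as lower bounds
        when the session may lack access to part of the store or to a channel.

    .NOTES
        This function is pulled directly from the real Microsoft Windows Admin Center

        PowerShell scripts use rights (according to Microsoft):
        We grant you a non-exclusive, royalty-free right to use, modify, reproduce, and distribute the scripts provided herein.

        ANY SCRIPTS PROVIDED BY MICROSOFT ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
        INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS OR A PARTICULAR PURPOSE.

    .ROLE
        Readers

    .PARAMETER channel
        This parameter is MANDATORY.

        Event log channel name pattern handed to Get-WinEvent -ListLog. Must be one of the
        values in the ValidateSet below.

    .PARAMETER path
        This parameter is OPTIONAL.

        Certificate provider path to enumerate. Defaults to "Cert:\".

    .PARAMETER nearlyExpiredThresholdInDays
        This parameter is OPTIONAL.

        Width, in days, of the "near-expired" window measured from now. Defaults to 60.

    .EXAMPLE
        # Open an elevated PowerShell Session, import the module, and -

        PS C:\Users\zeroadmin> Get-CertificateOverview -channel "Microsoft-Windows-CertificateServicesClient-Lifecycle-System*"
#>
function Get-CertificateOverview {
    param (
        [Parameter(Mandatory = $true)]
        [ValidateSet(
            "Microsoft-Windows-CertificateServicesClient-Lifecycle-System*",
            "Microsoft-Windows-CertificateServices-Deployment*",
            "Microsoft-Windows-CertificateServicesClient-CredentialRoaming*",
            "Microsoft-Windows-CertificateServicesClient-Lifecycle-User*",
            "Microsoft-Windows-CAPI2*",
            "Microsoft-Windows-CertPoleEng*"
        )]
        [String]$channel,

        [Parameter(Mandatory = $false)]
        [String]$path = "Cert:\",

        [Parameter(Mandatory = $false)]
        [int]$nearlyExpiredThresholdInDays = 60
    )

    Import-Module Microsoft.PowerShell.Diagnostics -ErrorAction SilentlyContinue

    # Notes: $channelList must be in this format:
    #"Microsoft-Windows-CertificateServicesClient-Lifecycle-System*,Microsoft-Windows-CertificateServices-Deployment*,
    #Microsoft-Windows-CertificateServicesClient-CredentialRoaming*,Microsoft-Windows-CertificateServicesClient-Lifecycle-User*,
    #Microsoft-Windows-CAPI2*,Microsoft-Windows-CertPoleEng*"
    # NOTE(review): the ValidateSet on -channel accepts only one of these patterns per call, so a
    # comma-separated list as described above is rejected at parameter binding. Confirm which of
    # the two is intended before relying on multi-channel totals.

    # Emits every non-container item under $pspath, descending into containers.
    function Get-ChildLeafRecurse {
        param (
            [Parameter(Mandatory = $true)]
            [String]
            $pspath
        )

        try {
            # Leaves at this level go straight to the output stream.
            Get-ChildItem -Path $pspath -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer } |
                Write-Output

            # Containers: rebuild the provider path from the item's own properties and recurse.
            # The path is always rooted at Cert:\, whatever $pspath was.
            Get-ChildItem -Path $pspath -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer } |
                ForEach-Object {
                    $location = "Cert:\$($_.location)"
                    if ($_.psChildName -ne $_.location) {
                        $location += "\$($_.PSChildName)"
                    }
                    Get-ChildLeafRecurse $location | ForEach-Object { Write-Output $_ }
                }
        }
        catch {
            # Deliberate best effort: a container that cannot be enumerated is skipped without
            # any trace, so its contents are missing from every count below.
        }
    }

    $certCounts = New-Object -TypeName psobject

    # @() forces an array, so .Count is correct for zero or one result on every PowerShell
    # version and under strict mode (the original read .length off a possible scalar or $null).
    $certs = @(Get-ChildLeafRecurse -pspath $path)

    $channelList = $channel.split(",")
    $totalCount = 0
    $logs = @(Get-WinEvent -ListLog $channelList -Force -ErrorAction 'SilentlyContinue')

    # The original loop ran while $i -le $x.Count and so indexed one element past the end;
    # foreach visits exactly the logs returned. RecordCount is the log's total record count,
    # not a count of certificate errors or warnings.
    foreach ($log in $logs) {
        $totalCount += $log.RecordCount
    }

    # One timestamp for all comparisons so the expired and near-expired windows share an edge.
    $now = [DateTime]::Now
    $nearExpiryLimit = $now.AddDays($nearlyExpiredThresholdInDays)

    $expired = @($certs | Where-Object { $_.NotAfter -lt $now })
    $nearExpired = @($certs | Where-Object { ($_.NotAfter -gt $now) -and ($_.NotAfter -lt $nearExpiryLimit) })

    $certCounts | Add-Member -Name "allCount" -Value $certs.Count -MemberType NoteProperty
    $certCounts | Add-Member -Name "expiredCount" -Value $expired.Count -MemberType NoteProperty
    $certCounts | Add-Member -Name "nearExpiredCount" -Value $nearExpired.Count -MemberType NoteProperty
    $certCounts | Add-Member -Name "eventCount" -Value $totalCount -MemberType NoteProperty

    $certCounts
}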