Running the script below requires that the RSAT (Remote Server Administration Tools) be installed on the system you run it from. The account used must have sufficient permissions to read from Active Directory and from the selected servers' registries.
The script reads the machine accounts of AD-joined servers, looking for those with the word "server" in the operating system attribute. It prompts the user to select any of those servers to scan, and then prompts for a DNS name to search the certificates for.
The script tests connectivity to RPC (TCP 135) for each of the selected servers. It then opens the registry and searches the computer account's personal certificate store for the entered domain name. A report is generated showing the pertinent details of each certificate found.
```powershell
# Requires RSAT (the ActiveDirectory module) on the scanning host.
Import-Module ActiveDirectory

$Servers = Get-ADComputer -Filter 'OperatingSystem -Like "*server*"' -Properties DNSHostName |
    Select-Object -ExpandProperty DNSHostName |
    Out-GridView -Title "Select Servers To Scan for Certificates. CTRL+A to Select All" -PassThru

$CertificateDomain = Read-Host "Enter public DNS host name of certificate to check; example: mydomain.com"

# Keep only the servers that answer on RPC (TCP 135). Note that Invoke-Command uses WinRM
# (TCP 5985/5986), so a host can pass this check and still land in the Catch block below.
$ServersOnline = @()
Foreach ($Server in $Servers) {
    If ((Test-NetConnection -WarningAction SilentlyContinue -ComputerName $Server -Port 135).TcpTestSucceeded) {
        $ServersOnline += $Server
    }
}

ForEach ($System in $ServersOnline) {
    Try {
        Invoke-Command -ComputerName $System -ErrorAction Stop {
            # $using: is required here: a plain $CertificateDomain is undefined on the remote side,
            # so "*$CertificateDomain*" would collapse to "**" and match every certificate in the store.
            Get-ChildItem Cert:\LocalMachine\My |
                Where-Object { $_.DnsNameList -like "*$using:CertificateDomain*" } |
                Select-Object DnsNameList, Subject, Issuer, NotAfter
        } | Format-List PSComputerName, DnsNameList, Subject, Issuer, @{N="Expires"; E={$_.NotAfter}}
    }
    Catch {
        # Reached only when the remote session itself fails (WinRM disabled, access denied, etc.),
        # not when no certificate matches; a server with no match simply prints nothing.
        Write-Host "Could not query the certificate store on $System ($CertificateDomain): $_"
    }
}
```
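The script above lists matching certificates but leaves the reader to judge which ones need action. The following is an added example, not part of the original script, that turns the same scan into an inventory a defender can sort and export: it tests the WinRM port that Invoke-Command actually uses, returns one object per certificate with days until expiry, private-key presence and signature algorithm, and flags expired, soon-to-expire and weakly signed certificates. The function name, the `-WarnDays` default of 30 and the CSV path are assumptions; the usage lines reuse `$Servers` and `$CertificateDomain` from the script above.

```powershell
# Added example (not the original script). Function name and -WarnDays default are assumptions.
function Get-ServerCertificateInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $DnsName,
        [int] $WarnDays = 30
    )

    foreach ($Computer in $ComputerName) {
        # Invoke-Command rides on WinRM, so test the port it actually uses rather than RPC 135.
        if (-not (Test-NetConnection -ComputerName $Computer -Port 5985 -WarningAction SilentlyContinue).TcpTestSucceeded) {
            Write-Warning "$Computer not reachable on WinRM (TCP 5985); skipped."
            continue
        }
        try {
            Invoke-Command -ComputerName $Computer -ErrorAction Stop -ScriptBlock {
                $Now = Get-Date
                Get-ChildItem Cert:\LocalMachine\My |
                    Where-Object { $_.DnsNameList -like "*$using:DnsName*" } |
                    ForEach-Object {
                        $DaysLeft = [int]($_.NotAfter - $Now).TotalDays
                        $SigAlg   = $_.SignatureAlgorithm.FriendlyName
                        # Classify: expiry problems first, then weak hash algorithms in the signature.
                        if     ($DaysLeft -lt 0)                  { $Status = 'EXPIRED' }
                        elseif ($DaysLeft -le $using:WarnDays)    { $Status = 'EXPIRING' }
                        elseif ($SigAlg -match 'sha1|md5')        { $Status = 'WEAK-SIG' }
                        else                                      { $Status = 'OK' }

                        [pscustomobject]@{
                            Computer        = $env:COMPUTERNAME
                            Subject         = $_.Subject
                            Issuer          = $_.Issuer
                            Thumbprint      = $_.Thumbprint
                            DnsNames        = ($_.DnsNameList | ForEach-Object Unicode) -join ';'
                            NotAfter        = $_.NotAfter
                            DaysUntilExpiry = $DaysLeft
                            HasPrivateKey   = $_.HasPrivateKey
                            SignatureAlg    = $SigAlg
                            Status          = $Status
                        }
                    }
            } | Select-Object * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName
        }
        catch {
            # Remoting failure (WinRM off, access denied); an empty store is not an error.
            Write-Warning "Query failed on ${Computer}: $_"
        }
    }
}

# Usage: $Servers and $CertificateDomain come from the selection script above (assumed in scope).
$Inventory = Get-ServerCertificateInventory -ComputerName $Servers -DnsName $CertificateDomain
$Inventory | Sort-Object DaysUntilExpiry |
    Format-Table Computer, Subject, DaysUntilExpiry, Status, SignatureAlg, HasPrivateKey -AutoSize
# Assumed output path; adjust to wherever the report should be kept.
$Inventory | Export-Csv -NoTypeInformation -Path "$env:TEMP\cert-inventory.csv"
```

Sorting by `DaysUntilExpiry` puts the certificates that will cause the next outage at the top, and `HasPrivateKey` distinguishes certificates actually bound to a service from stray public certificates that ended up in the machine store.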