Announcement

Collapse
No announcement yet.

Can I export x509 certificate dates from AD?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can I export x509 certificate dates from AD?

    I've been tasked to see if there's a way I can create a script that would export all organizational acounts to a spreadsheet with the certificate dates for each. I can pull up an individual record, and there's a "User Certficate" tab with the dates, but I have no idea how to use a script to read this data.

    So my columns in excel would have the following data for each org box:

    Display Name > Date Certificate Valid > Date Certificate expired

    Are there attributes that I can connect to pull this data? I was trying through VBS.com and they said I need to ask in an AD forum.

    Thanks for the help!

  • #2
    Re: Can I export x509 certificate dates from AD?

    With PowerShell you might be...
    Please review: http://www.powergui.org/thread.jspa?threadID=12094
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Can I export x509 certificate dates from AD?

      To export the CA certificate on the Active Directory server, follow these steps:
      1. Log on as either a member of the local Administrator security group for stand-alone computers or a member of the Domain Administrator security group for computers that are connected to the domain.
      2. Install the certificate authority (CA) on the Windows Server, which will install the server certificate on the Active Directory server. To do so, follow these steps:
      a. Click*Start -> Administrative Tools -> Certificate Authority*to open the CA Microsoft Management Console (MMC) GUI.
      b. Highlight the CA machine and right-click to select*Properties*for the CA.
      c. From*General*menu, click*View Certificate.
      d. Select the*Details*view, and click the*Copy to File...*button on the lower right corner of the window.
      e. Use the Certificate Export Wizard to save the CA certificate in a file.
      Note:
      You can save the CA certificate in either DER Encoded Binary X-509 format or Based-64 Encoded X-509 format.
      3. To verify that SSL is enabled on the Active Directory server (Windows 2000 or Windows 2003), follow these steps:
      a. Ensure that Windows 2000 Support Tools (Windows Support Tools on Windows 2003) is installed on the Active Directory machine. Thesuptools.msi*setup program is located in the*\Support\Tools\*directory on your Windows CD.
      b. Select one of the following:
      For Windows 2000 systems, select*Start*->*Windows 2000 Support Tools -> Tools -> Active Directory Administration Tooland start the*ldp*tool.
      For Windows 2003 systems, select*Start*->*Windows Support Tools -> Tools -> Command Prompt*and start the*ldp*tool.
      c. From the ldp window, select*Connection*->*Connect*and supply the host name and port number (636).


      [MOD EDIT]Plagiarised from http://publib.boulder.ibm.com/infoce...install313.htm [/MOD EDIT]
      If the above information is not much useful, you can visit the link :
      http://wiki.powergui.org/index.php/E...QADCertificate
      Last edited by Wired; 5th April 2012, 04:16.

      Comment

      Working...
      X