HarmJ0y · September 13, 2021 21:43 · Sep 13, 2021
diff --git a/dc_cert_template.ps1 b/dc_cert_template.ps1
@@ -0,0 +1,26 @@
+$Results = ([adsisearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))").FindAll() | % {
+    $Entry = $_.GetDirectoryEntry()
+
+    $SAM = $Entry.samAccountName[0]
+    $DN = $Entry.distinguishedName[0]
+
+    try {
+        $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 @($Entry.userCertificate)
+        $Exp = $Cert.GetExpirationDateString()
+
+        $TemplateExt = $Cert.Extensions | Where-Object{ ( $_.Oid.FriendlyName -eq 'Certificate Template Name') } | Select-Object -First 1
+
+        [pscustomobject] @{
+            'SamAccountName'=$SAM
+            'DistinguishedName'=$DN
+            'Thumprint'=$Cert.Thumbprint
+            'Expiration'=$Cert.GetExpirationDateString()
+            'TemplateName'=$TemplateExt.Format(1) 
+        }
+    }
+    catch {
+        Write-Warning "Error retrieving the certificate from DC '$DN' !"
+    }
+}
+
+$Results | fl