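function auditDcCerts{
    <#
    .SYNOPSIS
    Enumerates the LocalMachine\My certificate store of every Domain Controller in the forest
    and reports each certificate's subject, issuer CN, template, expiry date and a date-based status.

    .DESCRIPTION
    The forest's domain list comes from Get-ADForest (bound to the local host when this runs on a
    DC, i.e. Win32_OperatingSystem.ProductType -eq 2). Each DC's store is then opened remotely as
    \\<dc>\My, which requires the Remote Registry service to be reachable on the DC and local
    administrator rights there. A DC that cannot be reached is reported as a single row with
    Status 'Error' and the scan continues with the next DC instead of aborting the whole run.

    "Status" is purely date based (NotBefore/NotAfter compared with the current time). It does NOT
    validate the chain, check revocation, or confirm that the private key is present, so a 'Valid'
    row is not proof that the DC can actually use that certificate for LDAPS / Kerberos PKINIT.

    .OUTPUTS
    One object per certificate (or one per DC with no certificates / on error) with the properties
    DC, Subject, Issuer, CertTemplate, ValidUntil, Status. If the forest enumeration itself fails,
    the error text is returned as a string.
    #>
    try{
        Write-Host "Gathering Domain Controller Names..."
        Import-Module ActiveDirectory
        $osInfo = Get-CimInstance -ClassName Win32_OperatingSystem
        # Do not emit $osInfo.ProductType to the pipeline: it would be returned alongside the rows.
        # ProductType 2 = the local host is itself a DC, so bind the forest query to it.
        $forest = if($osInfo.ProductType -eq 2){
            Get-ADForest -Server $env:computername
        }else{
            Get-ADForest
        }
        $dcs = @($forest.Domains |
            ForEach-Object { Get-ADDomainController -Server $_ -Filter * } |
            Select-Object -ExpandProperty Name)
        $certs = New-Object -TypeName "System.Collections.ArrayList"
        $today = Get-Date
        foreach($dc in $dcs){
            Write-Host "Scanning $dc..."
            $certStore = $null
            try{
                $certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\$dc\My", "LocalMachine")
                $certStore.Open("ReadOnly")
                $storeCerts = @($certStore.Certificates)
                if($storeCerts.Count -gt 0){
                    foreach($cert in $storeCerts){
                        $row = "" | Select-Object DC,Subject,Issuer,CertTemplate,ValidUntil,Status
                        $row.DC = $dc
                        # Issuer CN up to the first comma; CNs containing spaces are common, and an
                        # unmatched regex must not fall back to a stale $matches from a previous cert.
                        $row.Issuer = if($cert.Issuer -match '^CN=([^,]+)'){ $matches[1].Trim() }else{ $cert.Issuer }
                        # v2 template extension formats as "Template=<name>(<oid>)"; v1 templates format as
                        # just the name, which the -replace leaves untouched. No extension -> $null.
                        $row.CertTemplate = try{
                            $tplExt = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -match "template" }
                            if($tplExt){ $tplExt.Format($false) -replace "(.+)?=(.+)\((.+)?", '$2' }else{ $null }
                        }catch{ $null }
                        $san = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -match "Subject Alternative Name" }
                        $row.Subject = if($san){
                            # Greedy '^.+=' keeps only the last SAN entry (see sample output below).
                            $san.Format($false) -replace "^.+=", ""
                        }elseif($row.CertTemplate -match '^CA'){
                            "Certification Authority"
                        }elseif($row.CertTemplate -match '^SubCA'){
                            "Subordinate CA"
                        }else{
                            # Fall back to the certificate subject instead of leaving the cell blank.
                            $cert.Subject
                        }
                        $row.ValidUntil = $cert.NotAfter.ToString('MM-dd-yyyy')
                        # Date-only check: a certificate whose NotBefore is in the future is not usable yet
                        # either, so it must not be reported as Valid.
                        $row.Status = if($cert.NotAfter -le $today){
                            "Expired"
                        }elseif($cert.NotBefore -gt $today){
                            "NotYetValid"
                        }else{
                            "Valid"
                        }
                        [void]$certs.Add($row)
                    }
                }else{
                    Write-Host " => Result: No Certs Detected!" -ForegroundColor 'Red'
                    [void]$certs.Add([pscustomobject]@{
                        DC=$dc
                        Subject=$null
                        Issuer='Unknown'
                        CertTemplate=$false
                        ValidUntil=$false
                        Status='NoCerts'
                    })
                }
            }catch{
                # Typically: access denied, Remote Registry not running, or the DC is unreachable.
                Write-Host " => Result: $($_.Exception.Message)" -ForegroundColor 'Red'
                [void]$certs.Add([pscustomobject]@{
                    DC=$dc
                    Subject=$null
                    Issuer='Unknown'
                    CertTemplate=$false
                    ValidUntil=$false
                    Status='Error'
                })
            }finally{
                if($certStore){ $certStore.Close() }
            }
        }
        return $certs
    }
    catch{
        return "$_"
    }
}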
# Run the audit and render the rows as an auto-sized table.
auditDcCerts | Format-Table -AutoSize
<# Sample Output
Gathering Domain Controller Names...
Scanning DEESEE1...
Scanning DEESEE2...
Scanning DEESEE3...
Scanning DEESEE4...
Scanning DEESEE5...
DC Subject CertTemplate ValidUntil Status
-- ------- ------------ ---------- ------
DEESEE1 DEESEE1.kimconnect.net Domain Controller 5 Years 09-05-2022 Valid
DEESEE1 DEESEE1.kimconnect.net Domain Controller Authentication 09-03-2021 Valid
DEESEE1 INTRANET Kerberos Authentication 09-03-2021 Valid
DEESEE1 DEESEE1.kimconnect.net Directory Email Replication 09-03-2021 Valid
DEESEE2 DEESEE2.kimconnect.net Domain Controller Authentication 09-03-2021 Valid
DEESEE2 INTRANET Kerberos Authentication 09-03-2021 Valid
DEESEE2 DEESEE2.kimconnect.net Domain Controller 5 Years 09-04-2025 Valid
DEESEE2 DEESEE2.kimconnect.net Directory Email Replication 09-03-2021 Valid
DEESEE3 DEESEE3.kimconnect.net Domain Controller 5 Years 09-04-2025 Valid
DEESEE3 DEESEE3.kimconnect.net Directory Email Replication 09-05-2021 Valid
DEESEE3 INTRANET Kerberos Authentication 09-05-2021 Valid
DEESEE3 Certification Authority CA 09-04-2025 Valid
DEESEE3 DEESEE3.kimconnect.net Domain Controller Authentication 09-05-2021 Valid
DEESEE4 DEESEE4.kimconnect.net Domain Controller 5 Years 09-05-2022 Valid
DEESEE4 DEESEE4.kimconnect.net Directory Email Replication 09-03-2021 Valid
DEESEE4 DEESEE4.kimconnect.net Domain Controller Authentication 09-03-2021 Valid
DEESEE4 INTRANET Kerberos Authentication 09-03-2021 Valid
DEESEE5 DEESEE5.kimconnect.net Directory Email Replication 09-04-2021 Valid
DEESEE5 INTRANET Kerberos Authentication 09-04-2021 Valid
DEESEE5 Subordinate CA SubCA 09-03-2025 Valid
DEESEE5 DEESEE5.kimconnect.net Domain Controller 5 Years 09-05-2022 Valid
DEESEE5 DEESEE5.kimconnect.net Domain Controller Authentication 09-04-2021 Valid
#>