
Artifact c686f866a83590569452e1a7b7fc5a6af481ddfe1d9ead1517285bd7ae7db375:

  • File Renew-Certificates.ps1 — part of check-in [bc30086088] at 2018-06-10 14:03:50 on branch trunk — Fair warning: This is a messy script, not even parameterized. It ain’t pretty. (user: Steve Whitcher size: 2324)

# encoding: ascii
# api: powershell
# title: Renew Certificates
# description: Fair warning: This is a messy script, not even parameterized.  It ain’t pretty.
# version: 0.1
# type: script
# author: Steve Whitcher
# license: CC0
# x-poshcode-id: 5907
# x-archived: 2015-06-27T00:15:58
# x-published: 2015-06-24T21:18:00
#
# After configuring the variables as appropriate, this script will check the computers in $workstations to confirm they are online, then contact each computer to check for certificates issued before $NewCACertDate and renew them.  It uses CredSSP to authenticate to the client computers, and delegation of fresh credentials must be allowed.  The script, as is, also requires the ActiveDirectory module, for the use of “Get-ADComputer”.
#
# --- Settings to edit before running ---------------------------------------

# Prompt for an account holding administrative rights on the client computers.
# NOTE(review): this credential is later passed to Invoke-Command with CredSSP
# authentication, which delegates it to every computer contacted. Prefer an
# account scoped to this task over a broadly privileged one.
$cred = Get-Credential

# Computer object(s) to process. Change this query so that it returns only the
# client computers that should be contacted.
$workstations = Get-ADComputer -Identity LEN5555

# Cutoff date: certificates whose validity starts before it are renewed.
# Set it to the date the new root CA certificate was issued.
$NewCACertDate = Get-Date -Date "01/01/1901"


# Get-onlinecomputers: returns the subset of the supplied computer names that
# answered a single Test-Connection probe.
#
# Parameters:
#   Name (aliases ComputerName, cn) - mandatory, position 0; the name(s) to
#       probe. Can also be bound from the pipeline by property name.
# Output:
#   Each name whose probe succeeded. The loop runs with foreach -parallel, so
#   the output order may not follow the input order.
#
# NOTE(review): probe errors are suppressed (-erroraction SilentlyContinue) and
# there is no else branch, so a computer that is up but does not answer the
# probe (for example, a host firewall dropping ICMP echo) is dropped from the
# result without any message and is never contacted for renewal. Record the
# skipped names if the run has to be auditable.
# NOTE(review): 'workflow' is a Windows PowerShell feature; confirm the host
# version before running this elsewhere.
workflow Get-onlinecomputers
{
    [CmdletBinding()]
    [Alias()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
                   [Alias("ComputerName","cn")]
        $Name
    )


    # Probe all names concurrently; each iteration handles one name.
    foreach -parallel ($computer in $Name)
    {
        # One echo request per computer; a truthy result means a reply came back.
        if (Test-connection -computername $computer -count 1 -erroraction SilentlyContinue) {
            # Emit the name itself (not the ping result) as workflow output.
            $computer
        }
    
    }
}

# Keep only the workstations that answered the reachability probe. The DNS host
# name of each AD computer object is what gets probed and, later, contacted.
$OnlinePCs = Get-onlinecomputers -Name $workstations.DNSHostName

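# Script block that is run on each client computer through Invoke-Command.
#
# Parameter:
#   NewCACertDate - cutoff date; certificates in Cert:\LocalMachine\My whose
#       NotBefore is earlier than this date are submitted for renewal.
# Output:
#   The serial number of each selected certificate, followed by whatever
#   certreq prints for it. A warning is written when certreq exits non-zero.
#
# NOTE(review): selection is by date only. Certificates in the machine store
# that came from another issuer (self-signed, third-party) and predate the
# cutoff are passed to certreq as well; add an issuer filter if the store can
# hold such certificates.
# NOTE(review): 'ReuseKeys' renews with the existing key pair. That suits a CA
# migration, but if the renewal responds to suspected key exposure, enroll
# with a new key instead.
$RenewCertificates = {
    Param([Datetime]$NewCACertDate)

    $OldCerts = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.NotBefore -lt $NewCACertDate }

    foreach ($cert in $OldCerts)
    {
        $Serial = $cert.SerialNumber
        Write-Output $Serial
        certreq -enroll -machine -cert $Serial -q Renew ReuseKeys

        # certreq is a native command, so PowerShell raises no error when it
        # fails. Without this check a failed renewal looks like a success and
        # the host keeps its old certificate unnoticed.
        if ($LASTEXITCODE -ne 0)
        {
            Write-Warning "certreq renewal failed for certificate serial $Serial (exit code $LASTEXITCODE)"
        }
    }
}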

# Contact each reachable computer in turn and run the renewal script block on it.
#
# NOTE(review): -Authentication Credssp sends the credential in $cred to the
# remote computer so that it can be reused from there. Any contacted client that
# is compromised can therefore obtain that credential. Keep the target list
# narrow, use an account with only the rights this task needs, and turn CredSSP
# delegation back off on the admin host and the clients once the run is done.
foreach ($computer in $OnlinePCs) {
    # Skip empty entries in the list of online computers.
    if (-not $computer) { continue }

    # Print the name first so the output that follows can be attributed to it.
    Write-Output $computer
    Invoke-Command -ComputerName $computer -ScriptBlock $RenewCertificates -ArgumentList $NewCACertDate -Authentication Credssp -Credential $cred
}