get AD User Object cert in remote session


This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 7 years, 2 months ago.


    by davetechsearch at 2013-04-02 11:37:06

    Is there a way to 'see' the Certificate(s) in the AD User Object container in a remote session (for the user that initiated the session)?

    (gci cert]

    This errors out when running the cmd:
    The system cannot open the device or file specified.
    + CategoryInfo :
    + FullyQualifiedErrorId : System.Security.Cryptography.CryptographicExc

    by coderaven at 2013-04-02 11:51:15

    There are a few different ways to get that information noted here

    If you have remoting enabled, it is pretty easy; if not, I liked this solution:

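    function Get-Cert( $computer=$env:computername ){
        # Open the store read-only, in the LocalMachine location
        $ro=[System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
        $lm=[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
        # "\\computer\root" addresses the Root store on the named machine
        $store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\root",$lm)
        $store.Open($ro)
        # Emit the certificates to the pipeline
        $store.Certificates
    }

    # List the certificates on REMOTECOMPUTER that have already expired
    Get-Cert "REMOTECOMPUTER"| ?{$_.NotAfter -lt (Get-Date)} | format-list -property PSPath,FriendlyName,NotAfter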

    The code needs a little cleanup and I have not tested it. Let me know how it goes.

    by davetechsearch at 2013-04-02 12:05:28

    I'll give that a try with what I'm trying to do... I should probably provide more detail:

    1. I remote to a machine
    2. I attempt to list the certificates in UserDS (for the remoting user) while in the remote session
    3. Getting a listing of the contents of this container errors out. Listing other containers under \CurrentUser\ works just fine.

    by davetechsearch at 2013-04-02 12:14:29

    This is what I am running... runs fine locally, but still errors out at — "$store.Open($ro)" — when in the remote session.

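    # Open the CurrentUser\UserDS store read-only
    $ro = [System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
    $cu = [System.Security.Cryptography.X509Certificates.StoreLocation]"CurrentUser"
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store("userds","$cu")
    $store.Open($ro)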

    Exception calling "Open" with "1" argument(s): "The system cannot open the d
    evice or file specified.
    At line:1 char:12
    + $store.Open <<<< ($ro)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationExcepti
    + FullyQualifiedErrorId : DotNetMethodException

    As for my original intention... I was hoping to encrypt some data locally (encryption and decryption work fine locally), send it over the wire to its destination and decrypt it at the other end for use. I was hoping to use the thumbprint from the UserDS container to perform the encryption/decryption.
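
An added example, not code from any poster in this thread: the UserDS store is the view of the certificates published on the user's AD object, so the same certificates can be read from that object's userCertificate attribute over LDAP and matched by thumbprint. It assumes a domain-joined machine and a session whose credentials can query a domain controller; the function name Get-ADUserObjectCert is hypothetical.

```powershell
# Added example: read the certificates published on an AD user object
# (the userCertificate attribute) without opening the UserDS store.
# Get-ADUserObjectCert is a hypothetical name, not an existing cmdlet.
function Get-ADUserObjectCert {
    param(
        [string]$SamAccountName = $env:USERNAME,
        [string]$Thumbprint
    )

    # Escape LDAP filter metacharacters so the account name cannot alter the filter.
    $escaped = [regex]::Replace($SamAccountName, '[\\*()\0]',
        { param($m) '\{0:x2}' -f [int][char]$m.Value })

    # Search the current domain and load only the attribute we need.
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    [void]$searcher.PropertiesToLoad.Add('usercertificate')
    $result = $searcher.FindOne()
    if (-not $result) { throw "No AD user object found for '$SamAccountName'." }

    # Thumbprints are often pasted with spaces; normalise before comparing.
    $wanted = $Thumbprint -replace '\s', ''

    # Each attribute value is one DER-encoded certificate (byte[]).
    foreach ($der in $result.Properties['usercertificate']) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,[byte[]]$der)
        if (-not $wanted -or $cert.Thumbprint -eq $wanted) { $cert }
    }
}

# List what is published for the current user.
Get-ADUserObjectCert | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey
```

Certificates read this way carry only the public key (HasPrivateKey is False), so they can be used to encrypt for the user, while decryption needs the matching private key in a certificate store on the receiving side.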
