PowerShell: how to get certificates of specific user on an RDS-server?

  • Question

  • Hi,

    I'd need to know if a specific user on an RDS-server (on which there are 40 users) has a specific user certificate. So I'd like to request all user certs for that user on that remote server.

    Please advise how to do this.

    Jan Hoedt

    • Moved by Bill_Stewart Friday, March 15, 2019 7:49 PM Help vampire
    Monday, February 4, 2019 2:24 PM

All replies

  • Monday, February 4, 2019 5:41 PM
  • Should have been more specific:

    Get-ChildItem -Path Cert:\ -Recurse |
        Where-Object -FilterScript { $_.Issuer -like '*company cert name*' } |
        Select-Object -Property Issuer, NotBefore, NotAfter, Version, Archived, IssuedTo

    gives what I need BUT the IssuedTo isn't showing and that's the value I need

    Jan Hoedt

    Monday, February 4, 2019 8:29 PM
  • "IssuedTo" is not part of a cert object for the cert: provider.  The subject should include the user name and it should be the name of the account that the script is running under.

    In a domain it will be the DN of the user.


    • Edited by jrv Monday, February 4, 2019 8:49 PM
    Monday, February 4, 2019 8:47 PM
  • Ok thanks. I could figure out how to get the user but I'd need the cert of a specific user on a remote system.
    Locally that works, but can I query the certs of a user on a remote machine (RDS)?


    cd Cert:\CurrentUser\my
    Get-ChildItem -Recurse | format-list -Property *

    Jan Hoedt

    Tuesday, February 5, 2019 9:13 AM
  • No.  You can only query in a user's session.


    Tuesday, February 5, 2019 9:22 AM
  • You can get the raw certs and some basic info from AD, like this:

    Get-AdUser userid -Properties Certificates | select -expand certificates


    • Edited by jrv Tuesday, February 5, 2019 10:04 AM
    Tuesday, February 5, 2019 10:02 AM
  • Thanks, but they are Symantec certs which do not show up there.

    Jan Hoedt

    Thursday, February 14, 2019 11:23 AM
  • Thanks, but they are Symantec certs which do not show up there.

    Jan Hoedt

    What?  Just because they are from Symantec does not mean they are any different from any other cert.

    Are you really asking about CA root certs?  They are not user certs.

    To sort this out you should start by contacting Symantec to sort out what you are trying to ask.

    Note that the subject contains the information on who the cert was issued to if it is a personal cert.  If it is a CA cert then the subject contains the name of the CA.


    Thursday, February 14, 2019 11:27 AM
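
The replies above point to the certificate subject as the "issued to" value and to the Certificates property in AD. The following is an added example, not part of any post in the thread, that reports that value for both sources; `Get-CertSummary` is a hypothetical helper name, and `userid` and `'*company cert name*'` are the placeholders used in the thread.

```powershell
# Added example (not from the thread). Get-CertSummary is a hypothetical helper name.
function Get-CertSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate]$Certificate,

        # Wildcard filter on the issuer DN; defaults to all issuers.
        [string]$IssuerLike = '*'
    )
    process {
        # Get-ADUser returns the base X509Certificate type; wrapping it in
        # X509Certificate2 exposes NotBefore, NotAfter, Thumbprint and GetNameInfo().
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Certificate)
        if ($cert.Issuer -notlike $IssuerLike) { return }

        [pscustomobject]@{
            # Simple name taken from the subject: the "issued to" value.
            IssuedTo   = $cert.GetNameInfo('SimpleName', $false)
            # Same lookup on the issuer name: the "issued by" value.
            IssuedBy   = $cert.GetNameInfo('SimpleName', $true)
            Subject    = $cert.Subject
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt (Get-Date)
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Certificates published on the user's AD object (needs the ActiveDirectory module).
Get-ADUser userid -Properties Certificates |
    Select-Object -ExpandProperty Certificates |
    Get-CertSummary -IssuerLike '*company cert name*'

# Personal store of the account running the script; other users' stores are not
# visible from here, so this has to run in that user's own session.
Get-ChildItem -Path Cert:\CurrentUser\My |
    Get-CertSummary -IssuerLike '*company cert name*'
```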