none
Powershell CRL Copy v4 and Delta CRL RRS feed

  • General discussion

  • This post is geared at others who have used the script.

    Why does the script not support Delta CRL's? When you monitor the debug of the script it indicates it is checking for a delta crl and reports it not found but the delta crl options are set in the cdp extensions. When I publish a CRL from with the CA MMC it publishes the delta crl.  I am actually thinking about removing the delta CRL options from my CA as I don't think I need them as my CA setup is currently only for internal to the domain no external websites etc. But I found it odd that the script appears to check for Delta or fails to properly return a result when there are no options to set specifically to the delta file like the master delta crl file info.  

    The other issue I noticed in the results email and reports is that the internal LDAP entry shows the date information and the status indicate red (currently within a day of next ca publish, so I assume it will be green tomorrow) is this normal as I have explored the script in detail yet so my assumption is the script does not update the internal LDAP, it only reads the status from the LDAP. 

    Without modifying the script I assume one way around this would be to set up an alternate config file, using the delta crl as the master, have not tested this idea yet. I plan to run the script using task scheduler and would have preferred to do it using one task and not 2. So if it does, in fact, work with the delta master file then I might do go the 2 task route just to save myself the headache of modifying the script and config file to use multiple master files.  

    So I am mostly looking for clarification on how the script handles delta CRL and what the results for the internal CDP/LDAP check should look like when using both of the script options "monitor" and "publish".  Keeping in mind I removed the LDAP options in the CDP/AIA extensions (Domain is Server 2012R2+), I assume this has to do with the way the Enterprise CA server natively integrates with the domain.  

    https://gallery.technet.microsoft.com/scriptcenter/Powershell-CRL-Copy-v4-11554ea5

    Also, I am not looking for a script nor do I have errors with this one. I am looking find out if my results are the expected results and was generally asking if the delta check works correctly as I have yet to try reconfiguring for the delta file.

    • Edited by IT_JoeM Thursday, January 18, 2018 11:32 PM clarification.
    • Changed type Bill_Stewart Monday, March 12, 2018 8:19 PM
    • Moved by Bill_Stewart Monday, March 12, 2018 8:20 PM This is not a support forum for gallery scripts
    Thursday, January 18, 2018 10:49 PM

All replies

  • What script are you referring to?  Post your script with any error messages.

    \_(ツ)_/

    Thursday, January 18, 2018 10:59 PM
  • Please read this first: This forum is for scripting questions rather than script requests.

    We do not support script found in the internet. You could have at least provide a link to the script you're talking about. There is a Q & A section in the gallery. You should ask your questions there:

    https://gallery.technet.microsoft.com/scriptcenter/Powershell-CRL-Copy-v4-11554ea5/view/Discussions


    Best regards,

    (79,108,97,102|%{[char]$_})-join''

    Thursday, January 18, 2018 11:03 PM
  • Well, I see you did seem to find the scrip in question.  I used the title of the script in my subject, perhaps I should have included a link to the script, but my intent was for someone with experience with the script to give their thoughts to my questions, I was not asking for a script nor did I say I had an error with the script, although I do see a typographical error and a missing word in my original post, that might have implied this. 

    I did not have any errors with the script to post.  I was interested in whether my results were the expected results and how the script should work with Delta CRL files.  

    The Q&A tab on the page appears dead and below is a cut and paste from the main script page referring others to the forum for support:

    Online peer support

    For online peer support, join The Official Scripting Guys Forum! To provide feedback or report bugs in sample scripts, please start a new discussion on the Discussions tab for this script.

    https://gallery.technet.microsoft.com/scriptcenter/Powershell-CRL-Copy-v4-11554ea5


    Thursday, January 18, 2018 11:25 PM
  • Read carefully:

    For online peer support, join The Official Scripting Guys Forum! To provide feedback or report bugs in sample scripts, please start a new discussion on the Discussions tab for this script.

    Those two sentences seem to have caused some confusion as they are not connected. This forum is for peer-to-peer scripting questions, but if you want to discuss the specific script in question, use the Q&A tab, as noted, or track down the author to ask the author.


    -- Bill Stewart [Bill_Stewart]

    Friday, January 19, 2018 3:06 PM