Add-QADCertificate
From PowerGUI Wiki
Add X.509 certificates to a certificate store, or map X.509 certificates to a user account in Active Directory.
This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.
Syntax
Add-QADCertificate [-DirObj] <IGenericDirectoryObject> [-Certificate] <X509CertificateUI[]> [-Control <hashtable>] [-Confirm] [-WhatIf] [<CommonParameters>]
Add-QADCertificate [-Store] <X509CertificateStoreUI> [-Certificate] <X509CertificateUI[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
Use this cmdlet to add X.509 certificates to a certificate store or map X.509 certificates to an Active Directory object, such as a user account. The cmdlet takes an output object of the Get-QADCertificate or Import-QADCertificate cmdlet, and updates the specified certificate store or Active Directory object with the certificate represented by that object.
Note: If the certificate data to add to a user account in Active Directory contains private key information (for example, the data being imported from a .pfx file), the private key information is disregarded since it cannot be stored in Active Directory.
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Certificate | Use this parameter to specify the certificate objects representing the certificates to add. This could be output objects of the Get-QADCertificate or Import-QADCertificate cmdlet (see examples). | true | true (ByValue, ByPropertyName) | |
| Control | Use this parameter to pass request controls (in-controls) to ActiveRoles Server as part of an operation request. In ActiveRoles Server, request controls are used to send extra information along with an operation request, to control how ActiveRoles Server performs the request. The parameter value is a hash table that defines the names and values of the request controls to be passed to ActiveRoles Server. The parameter syntax is as follows: -Control @{<name> = <value>; [<name> = <value>] ...} In this syntax, each of the name-value pairs is the name and the value of a single control. For instructions on how to create and use hash tables, see topic "about_associative_array" or "about_hash_tables" in Windows PowerShell Help. For information about ActiveRoles Server request controls, refer to ActiveRoles Server SDK documentation. Note that this parameter only has an effect if an Active Directory object passed to the DirObj parameter is retrieved through ActiveRoles Server. For example, you could retrieve the object by using Get-QADUser with the Proxy connection parameter. In this case, the request to update the corresponding user account is processed by ActiveRoles Server, so the Control parameter passes the request controls to ActiveRoles Server. If the input object is retrieved through a direct connection to the directory (the Proxy connection parameter was not used), the Control parameter has no effect. | false | false | |
| DirObj | Parameter value is an object representing the Active Directory object, such as a user account, to which to map the certificates identified by the Certificate parameter. To map certificates to a particular user in Active Directory, retrieve the corresponding user account by using Get-QADUser and then pass the output object to this parameter (see examples). | true | true (ByValue) | |
| Store | Parameter value is an object that identifies the certificate store to which to add the certificates identified by the Certificate parameter. Normally, this is an output object of the Get-QADLocalCertificateStore cmdlet (see examples). | true | true (ByValue) | |
| Confirm | Prompts you for confirmation before executing the command. | false | false | |
| WhatIf | Describes what would happen if you executed the command without actually executing the command. | false | false | |
Input Type
Quest.ActiveRoles.ArsPowerShellSnapIn.X509CertificateStoreUI, Quest.ActiveRoles.ArsPowerShellSnapIn.UI.IGenericDirectoryObject
Return Values
Quest.ActiveRoles.ArsPowershellSnapIn.X509CertificateUI
Examples
EXAMPLE 1
C:\PS>$cert = Get-QADLocalCertificateStore TrustedPublisher | Get-QADCertificate
C:\PS>Get-QADUser domainName\userName | Add-QADCertificate -Certificate $cert
Description
Create a collection of objects ($cert) representing all the certificates found in the TrustedPublisher certificate store for the current user. Then, pass those objects to the Add-QADCertificate cmdlet to map the certificates to the specified user account in Active Directory. As a result, the certificates listed in the $cert variable are mapped to that user account.
EXAMPLE 2
C:\PS>$cert = dir c:\cert | Import-QADCertificate
C:\PS>Get-QADUser domainName\userName | Add-QADCertificate -Certificate $cert
Description
Create a collection of objects ($cert) representing the certificates found in the certificate files that are located in the specified folder (c:\cert). Then, pass those objects to the Add-QADCertificate cmdlet to identify the certificates to map to the specified user account. As a result, the certificates listed in the $cert variable are mapped to that user account.
EXAMPLE 3
C:\PS>$cert = dir c:\cert | Import-QADCertificate | Where-QADCertificate -IssuerDN *Microsoft*,*VeriSign*
C:\PS>Get-QADUser domainName\userName | Add-QADCertificate -Certificate $cert
Description
Create a collection of objects ($cert) representing the certificates found in the certificate files that are located in the specified folder (c:\cert). Apply a filter using Where-QADCertificate to ensure that the collection lists only the certificates issued by Microsoft or VeriSign. Then, pass the certificate objects to the Add-QADCertificate cmdlet to identify the certificates to map to the specified user account. As a result, the certificates listed in the $cert variable are mapped to that user account.
EXAMPLE 4
C:\PS>$store = Get-QADLocalCertificateStore Root
C:\PS>Import-QADCertificate c:\cert.cer | Add-QADCertificate -Store $store
Description
Add the certificate from file c:\cert.cer to the Trusted Root Certification Authorities certificate store in the CurrentUser store location.
The first command uses Get-QADLocalCertificateStore to populate the $store variable with the object representing the Trusted Root Certification Authorities certificate store. In the second command, Import-QADCertificate creates a certificate object based on the certificate data found in file c:\cert.cer and passes that object to Add-QADCertificate, causing the certificate to be added to the certificate store identified by the object held in the $store variable.
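ADDED EXAMPLE (not part of the original cmdlet help)
Examples 2 and 3 map every certificate file found in a folder, filtered at most by issuer name. The following added sketch vets each file first (validity period, presence of a private key, thumbprint allow-list) and then previews the mapping with -WhatIf. Test-CertificateFile, $ApprovedThumbprints and the placeholder thumbprints are assumptions of this example, and rejecting files that carry a private key is this example's policy choice.

```powershell
# Allow-list of certificate thumbprints verified out of band (placeholders, not real values).
$ApprovedThumbprints = @('<APPROVED-THUMBPRINT-1>', '<APPROVED-THUMBPRINT-2>')

# Hypothetical helper (not a Quest cmdlet): inspects one certificate file with the
# .NET X509Certificate2 class and reports whether it passes the checks below.
function Test-CertificateFile {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$Approved = @()
    )
    $reasons = @()
    $thumb = $null
    try {
        $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
        $thumb = $c.Thumbprint
        $now = Get-Date
        if ($now -lt $c.NotBefore) { $reasons += 'not yet valid' }
        if ($now -gt $c.NotAfter)  { $reasons += 'expired' }
        # The page notes that private key data is disregarded when mapping to a user
        # account; flag such files so key material left in the folder gets reviewed.
        if ($c.HasPrivateKey)      { $reasons += 'file carries a private key' }
        if ($Approved -notcontains $thumb) { $reasons += 'thumbprint not approved' }
    } catch {
        # Covers non-certificate files and password-protected .pfx files.
        $reasons += "unreadable: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{
        Path       = $Path
        Thumbprint = $thumb
        Accepted   = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Vet every file in the folder used by Examples 2 and 3.
$results = dir c:\cert | Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { Test-CertificateFile -Path $_.FullName -Approved $ApprovedThumbprints }

# Show what was rejected and why.
$results | Where-Object { -not $_.Accepted } | Format-Table Path, Reasons -AutoSize

# Import only the accepted files and preview the mapping; nothing is written with -WhatIf.
$cert = $results | Where-Object { $_.Accepted } | ForEach-Object { Import-QADCertificate $_.Path }
if ($cert) {
    Get-QADUser domainName\userName | Add-QADCertificate -Certificate $cert -WhatIf
}
```

Once the preview lists only the expected certificates, rerun the last command without -WhatIf, or with -Confirm to be prompted before the update is made.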
