Publish-QADCertificate
From PowerGUI Wiki
Publish X.509 certificates to PKI-related containers in Active Directory.
This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.
Syntax
Publish-QADCertificate [-Container] <CAContainerType[]> [-Certificate] <X509CertificateUI[]> [-Connection <ArsConnection>] [-ConnectionAccount <string>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-CrossCertificate] [-Forest <string>] [-Proxy] [-Service <string>] [-UseGlobalCatalog] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
Use this cmdlet to publish X.509 certificates to PKI-related containers in the Active Directory configuration naming context. The following containers are supported:
Certification Authorities (RootCA): This is the publication point for the trusted root certification authorities' (CA) certificates. Publishing a root CA's certificate to the Certification Authorities container causes all domain members to import the root CA's certificate into their own trusted root CA stores.
Authority information access (AIA): This is the publication point for the most currently published CA certificates for root and intermediate certification authorities. Publishing CA certificates to the AIA container helps clients find CA certificates dynamically during certificate chain building. The CA certificates that are available in the AIA container are also deployed with group policies into every client computer's Intermediate Certification Authorities store.
NTAuthCertificates (NTAuthCA): Publishing CA certificates to the NTAuthCertificates object indicates that these CAs are trusted to both (1) issue authentication (logon) certificates for any user in the forest and (2) enable logon for smart cards, IIS mapping, and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). The CA certificates that are available in the NTAuthCertificates object are also deployed with group policies into every client computer's Intermediate Certification Authorities store.
For every Active Directory forest, these containers are located in the forest's Configuration naming context under Services/Public Key Services, and are therefore replicated to every domain controller in the forest.
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Certificate | Use this parameter to specify the certificate objects representing the certificates to publish. This could be output objects of the Get-QADCertificate or Import-QADCertificate cmdlet (see examples). | true | true (ByValue, ByPropertyName) | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Container | Use this parameter to specify the PKI containers where you want to publish certificates. The possible parameter values are: RootCA (identifies the Certification Authorities (trusted root CA) container); AIA (identifies the authority information access container); SubCA (same as AIA); NTAuthCA (identifies the NTAuthCertificates object). | true | true (ByValue) | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| CrossCertificate | Supply this parameter when publishing cross-certificates. A cross-certificate is a certificate issued by one Certification Authority (CA) that signs the public key for the root certificate of another Certification Authority. Cross-certificates provide a means to create a chain of trust from a single, trusted, root CA to multiple other CAs. | false | false | |
| Forest | Use this parameter to identify the Active Directory forest where you want to publish certificates. Parameter value is the fully qualified distinguished name of the forest root domain. This parameter only has an effect on the operations being performed through ActiveRoles Server (connection established using the Proxy parameter). In case of a proxy connection, the Forest parameter is required to identify the forest of the PKI containers to act upon, since ActiveRoles Server could be configured to manage domains from more than one forest. | false | true (ByPropertyName) | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Confirm | Prompts you for confirmation before executing the command. | false | false | |
| WhatIf | Describes what would happen if you executed the command without actually executing the command. | false | false | |
Input Type
X509CertificateUI,CAContainerType
Return Values
X509CertificateUI
Examples
EXAMPLE 1
dir c:\cert | Import-QADCertificate | Publish-QADCertificate -Container AIA
Description
Publish the certificates from the files located in the c:\cert folder to the authority information access (AIA) container.
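EXAMPLE 1 publishes every file in a folder, and certificates in these containers are distributed to clients throughout the forest, so it helps to inspect the files and preview the operation first. The following is an added example, not part of the original wiki page or the Quest product: the helper name Test-CaCertificateFile is hypothetical, PowerShell 3.0 or later is assumed, and it uses only .NET's X509Certificate2 class plus the cmdlets and parameters shown on this page.

```powershell
# Added example (not from the original page). Test-CaCertificateFile is a
# hypothetical helper; c:\cert is the folder used in EXAMPLE 1.
function Test-CaCertificateFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.IO.FileInfo]$File
    )
    process {
        try {
            # Parses DER or Base64 encoded certificate files (.cer, .crt).
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $File.FullName
        } catch {
            Write-Warning "Skipping $($File.Name): not a readable certificate file"
            return
        }
        # A certificate destined for a CA container should carry
        # Basic Constraints with the CA flag set.
        $bc = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        $now = Get-Date
        [pscustomobject]@{
            File       = $File.FullName
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            IsCA       = [bool]($bc -and $bc.CertificateAuthority)
            SelfIssued = ($cert.Subject -eq $cert.Issuer)   # expected for a root CA
            InValidity = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        }
    }
}

# 1. Inspect every file before anything is written to the directory.
$checked = dir c:\cert | Where-Object { -not $_.PSIsContainer } | Test-CaCertificateFile
$checked | Format-Table File, Subject, Thumbprint, IsCA, SelfIssued, InValidity -AutoSize

# 2. Preview publication of the files that passed. -WhatIf makes no changes;
#    remove it only after comparing the thumbprints with the expected ones.
$checked | Where-Object { $_.IsCA -and $_.InValidity } |
    ForEach-Object { Get-Item $_.File } |
    Import-QADCertificate |
    Publish-QADCertificate -Container AIA -WhatIf
```

The same check applies before publishing to RootCA or NTAuthCA, where SelfIssued and the thumbprint comparison matter most.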
