Using PowerShell to Find All Expired Claims Provider certificates in an ADFS Instance
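I ran into a roadblock while trying to build this. Right now, I am getting the results I need with the following script I have been working on, but I am getting multiple returns on a given claims provider trust (i.e. multiple signing certificates for a given trust), which throws off my spreadsheet.
I would like to add a line (probably some kind of ForEach statement) to select the greater of two or more dates in a given return.
I tried adding a:
ForEach-Object { $CPDetails.TokenSigningCertificates.NotAfter| Sort-Object -Property NotAfter|Select-Object -Last 1}
to my if statement, but it caused the output to repeat the same values over and over.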
$Results = @()
Try
{
    $CPDetails = (Get-AdfsClaimsProviderTrust | select Name, TokenSigningCertificates)
}
Catch
{
    $_.Exception.Message
    Continue
}
If($CPDetails.TokenSigningCertificates)
{
    $Object = New-Object PSObject -Property @{
        NotAfter = $CPDetails.TokenSigningCertificates.NotAfter | ForEach-Object { $CPDetails.TokenSigningCertificates.NotAfter| Sort-Object -Property NotAfter|Select-Object -Last 1}
        Name = $CPDetails.Name
    }
}
$Results += $Object
If($Results)
{
    $Results | Select-Object NotAfter, Name | Sort-Object NotAfter | Out-GridView -Title "Certificates"
}
Currently:
DateTime { 12/31/2999 12:00:00 PM, 12/31/2999 12:00:00 PM, 12/31/2999 12:00:00 PM,
Name {Trust 1, Trust 2, Trust 3.....
Needed:
DateTime { 12/31/2999 12:00:00 PM, 01/2/2019 12:00:00 PM, 05/31/2021 12:00:00 PM,
Name {Trust 1, Trust 2, Trust 3.....
I eventually came up with a more elegant solution than the mess I started with:
Get-AdfsClaimsProviderTrust |
Select name, @{Name='TokenSigningCertificates'; Expression={[string]::join(";", ($_.TokenSigningCertificates.NotAfter|
Group-Object Name |
Foreach-Object {$_.Group | Sort-Object * | Select-Object -Last 1}))}}
Thanks to @TheMadTechnician for the guidance.
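For the expired-certificate report the title asks for, the sketch below evaluates each trust on its own, so dates from different trusts never mix, and keeps the latest NotAfter per trust. It is an added example, not code from the original post; the function name Get-TrustCertExpiry, the -WarnDays threshold and the sample trust objects are assumptions, and the sample data is constructed so the block runs without an ADFS server.

```powershell
# Added example (not from the original post). Function and parameter names are hypothetical.
function Get-TrustCertExpiry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Trust,
        [int]$WarnDays = 30,          # assumed warning window, adjust to policy
        [datetime]$Now = (Get-Date)
    )
    process {
        # Handle one trust per pipeline item; drop null entries so Count is reliable.
        $certs = @($Trust.TokenSigningCertificates | Where-Object { $_ })
        if ($certs.Count -eq 0) {
            [pscustomobject]@{ Name = $Trust.Name; CertCount = 0; ExpiredCerts = 0
                               NotAfter = $null; Status = 'NoCertificate' }
            return
        }
        # A trust can hold several signing certificates during rollover: keep the latest date.
        $latest = $certs | Sort-Object -Property NotAfter | Select-Object -Last 1
        $status = 'Valid'
        if ($latest.NotAfter -lt $Now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        if ($latest.NotAfter -lt $Now)                    { $status = 'Expired' }
        [pscustomobject]@{
            Name         = $Trust.Name
            CertCount    = $certs.Count
            # Expired certificates still attached to the trust (candidates for cleanup).
            ExpiredCerts = @($certs | Where-Object { $_.NotAfter -lt $Now }).Count
            NotAfter     = $latest.NotAfter
            Status       = $status
        }
    }
}

# Constructed sample data shaped like Get-AdfsClaimsProviderTrust output (Name + certificates).
$sampleTrusts = @(
    [pscustomobject]@{ Name = 'Trust 1'; TokenSigningCertificates = @(
        [pscustomobject]@{ NotAfter = [datetime]'2999-12-31T12:00:00' }) }
    [pscustomobject]@{ Name = 'Trust 2'; TokenSigningCertificates = @(
        [pscustomobject]@{ NotAfter = [datetime]'2018-01-02T12:00:00' },
        [pscustomobject]@{ NotAfter = [datetime]'2019-01-02T12:00:00' }) }
    [pscustomobject]@{ Name = 'Trust 3'; TokenSigningCertificates = @() }
)

$sampleTrusts | Get-TrustCertExpiry | Sort-Object NotAfter | Format-Table -AutoSize

# On an ADFS server, feed the real trusts instead of the sample:
# Get-AdfsClaimsProviderTrust | Get-TrustCertExpiry | Where-Object Status -ne 'Valid'
```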