PowerShell 导出 AD 用户 x509 证书并为用户导入 ADUC

PowerShell export AD user x509 certificate and import into ADUC for the user

在 PowerShell 中导出用户 AD 证书并存储在数据文件中的最佳方法是什么。

我可以获得用户证书:

$user = Get-ADuser "tester01"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $user.usercertificate

我想将其导出到一个文件中,以便稍后使用 PowerShell 将其导入到用户 AD 帐户中。

我该怎么做?

PKI 颁发的用户证书在他们的计算机上。只需使用证书驱动器即可获取它们。获取 PSDrive、获取 ChildItem -路径证书:。查看帮助文件和帮助文件示例。

或者使用...

Export-Certificate

Module: PKIClient

Exports a certificate from a certificate store into a file.

# Get specifics for a module, cmdlet, or function
(Get-Command -Name Export-Certificate).Parameters
(Get-Command -Name Export-Certificate).Parameters.Keys
Get-help -Name Export-Certificate -Examples
# Results
<#
$cert = (Get-ChildItem -Path 
Export-Certificate -Cert $cert -FilePath c:\certs\user.sst -Type SST
$cert = (Get-ChildItem -Path 
Export-Certificate -Cert $cert -FilePath c:\certs\user.cer
$cert = ( Get-ChildItem -Path 
Export-Certificate -Cert $cert -FilePath c:\certs\user.p7b -Type p7b
Get-ChildItem -Path cert:\CurrentUser\my | Export-Certificate ûFilePath 

#>
Get-help -Name Export-Certificate -Full
Get-help -Name Export-Certificate -Online 

另请参阅:

https://www.powershellgallery.com/packages/CPolydorou.ActiveDirectory/1.7.0/Content/UserCertificates.psm1