How to check expired certificates on multiple computers?
Use Invoke-Command to run the Dir command on each computer, and make sure PowerShell remoting has been set up by using Enable-PSRemoting on the target serv
$threshold = 60 #Number of days to look for expiring certificates
$deadline = (Get-Date).AddDays($threshold) #Set deadline date
Invoke-Command -ComputerName Server1,Server2,Server3 { Dir Cert:\LocalMachine\My } | foreach {
If ($_.NotAfter -le $deadline) { $_ | Select Issuer, Subject, NotAfter, @{Label="Expires In (Days)";Expression={($_.NotAfter - (Get-Date)).Days}} }
}
How to check expired user certificates on AD?
If your company uses certificates for user authentication or encryption (i.e. S/MIME certificates), these expire every now and then. In that case your Enterprise CA appends new certificates to users’ userCertificate attribute, while leaving the expired certificates there as well. Over time these increasingly clutter your AD, making administration more difficult and negatively affecting AD replication traffic.
To remove the expired certificates from a single user:
Get-QADUser username | Remove-QADCertificate -Valid:$false
To clean up the entire domain, just do:
Get-QADUser | Remove-QADCertificate -Valid:$false
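Before running the removal commands above, it helps to record which entries will go. The following is an added example, not part of the original page: a read-only report of expired userCertificate values per user. It assumes the RSAT ActiveDirectory module (Get-ADUser) in place of the QAD cmdlets used above; the function name Get-ExpiredUserCertificate and the CSV file name are hypothetical.

```powershell
# Added example: list expired userCertificate entries per user (read-only, deletes nothing).
# Assumes the RSAT ActiveDirectory module; Get-ExpiredUserCertificate is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-ExpiredUserCertificate {
    param(
        [string]$SearchBase,              # optional OU distinguished name to limit the scan
        [datetime]$AsOf = (Get-Date)      # entries with NotAfter before this date are reported
    )
    # Only fetch users that actually carry certificates
    $query = @{ LDAPFilter = '(userCertificate=*)'; Properties = 'userCertificate' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($user in Get-ADUser @query) {
        foreach ($raw in $user.userCertificate) {
            try {
                # Each attribute value is one DER-encoded certificate
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
            } catch {
                Write-Warning "Unparseable userCertificate value on $($user.SamAccountName)"
                continue
            }
            if ($cert.NotAfter -lt $AsOf) {
                [pscustomobject]@{
                    User        = $user.SamAccountName
                    Subject     = $cert.Subject
                    Issuer      = $cert.Issuer
                    Thumbprint  = $cert.Thumbprint
                    NotAfter    = $cert.NotAfter
                    DaysExpired = ($AsOf - $cert.NotAfter).Days
                }
            }
        }
    }
}

# Keep the report as a record of what the clean-up is about to remove
Get-ExpiredUserCertificate | Sort-Object User, NotAfter |
    Export-Csv .\expired-user-certs.csv -NoTypeInformation
```

The per-user counts in the report also show which accounts have accumulated the most stale entries, so the clean-up can be tried on a few of them first.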
