GoateePFE / ADCSTemplate

A PowerShell module for exporting, importing, removing, permissioning, publishing Active Directory Certificate Templates. It also includes a DSC resource for creating AD CS templates using these functions. This was built with the intent of using DSC for rapid lab builds. Could also work in production to move templates between AD CS environments.
MIT License

Appending template supersedence not possible. #17

Closed Geo-Ron closed 3 months ago

Geo-Ron commented 7 months ago

The property msPKI-Supersede-Templates is not set in the New-ADCSTemplate command.

I will try to implement this and create a merge request.

Geo-Ron commented 7 months ago

Live Action example:

```powershell
Import-Module ADCSTemplate # Do not use the PowerShell Gallery version of this module. Use the included one
Import-Module PSPKI

$entCA = Connect-CertificationAuthority
# Export the built-in OCSP template to JSON and load it as an editable object
$originOCSPTemplate = Get-CertificateTemplate | Where-Object DisplayName -eq 'OCSP Response Signing'
$templateJSON = Export-ADCSTemplate -DisplayName $originOCSPTemplate.DisplayName
$templateObject = $templateJSON | ConvertFrom-JSON
# Rename the copy and adjust its flags, schema version, key size and hash algorithm
$templateObject.name = 'OCSPResponseSigningv1.0'
$templateObject.DisplayName = 'OCSP Response Signing v1.0'
$templateObject.flags = 131648
$templateObject.'msPKI-Enrollment-Flag' = 20512
$templateObject.'msPKI-Private-Key-Flag' = 101056512
$templateObject.'msPKI-Template-Schema-Version' = 4
$templateObject.'msPKI-Template-Minor-Revision' = $templateObject.'msPKI-Template-Minor-Revision' +1
$templateObject.'msPKI-Minimal-Key-Size' = 4096
$templateObject.'msPKI-RA-Application-Policies' = $templateObject.'msPKI-RA-Application-Policies' -replace 'SHA1','SHA256'
# Add the supersedence attribute, pointing at the name of the original template
$templateObject | Add-Member -MemberType 'NoteProperty' -Name msPKI-Supersede-Templates -Value @(($templateJson | ConvertFrom-Json).Name)

New-ADCSTemplate -DisplayName $templateObject.DisplayName -JSON ($templateObject | ConvertTo-JSON) -Publish
```
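
One way to confirm that the supersedence attribute actually reached the directory after a run like the one above, as an added example (not code from the issue author or the ADCSTemplate project). It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the function name `Test-TemplateSupersedence` is hypothetical.

```powershell
# Added example: read the template object back from AD and compare its
# msPKI-Supersede-Templates values with the names it is expected to supersede.
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed
Import-Module ADCSTemplate

function Test-TemplateSupersedence {    # hypothetical helper, not part of ADCSTemplate
    param(
        [Parameter(Mandatory)] [string]   $TemplateName,       # name (CN) of the new template
        [Parameter(Mandatory)] [string[]] $ExpectedSuperseded  # names it should supersede
    )
    # Certificate templates live in the forest-wide Configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

    # $TemplateName goes into an LDAP filter: pass trusted, literal names only.
    $template = Get-ADObject -SearchBase $base -SearchScope OneLevel `
        -LDAPFilter "(&(objectClass=pKICertificateTemplate)(cn=$TemplateName))" `
        -Properties 'msPKI-Supersede-Templates', 'msPKI-Template-Schema-Version'

    if (-not $template) { throw "Template '$TemplateName' not found under $base" }

    # An unset attribute comes back empty, so every expected name is reported missing.
    $actual  = @($template.'msPKI-Supersede-Templates')
    $missing = @($ExpectedSuperseded | Where-Object { $_ -notin $actual })

    [pscustomobject]@{
        Template      = $TemplateName
        SchemaVersion = $template.'msPKI-Template-Schema-Version'
        Supersedes    = $actual
        Missing       = $missing
        Ok            = ($missing.Count -eq 0)
    }
}

# Names taken from the example above: the new template and the one it was cloned from.
$originalName = (Export-ADCSTemplate -DisplayName 'OCSP Response Signing' | ConvertFrom-Json).name
$result = Test-TemplateSupersedence -TemplateName 'OCSPResponseSigningv1.0' -ExpectedSuperseded $originalName
$result | Format-List
if (-not $result.Ok) { Write-Warning "Supersedence not set for: $($result.Missing -join ', ')" }
```

A non-empty `Missing` list means the older template is not marked as superseded in the directory, even though the JSON passed to `New-ADCSTemplate` contained the property.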