A PowerShell module for exporting, importing, removing, permissioning, publishing Active Directory Certificate Templates. It also includes a DSC resource for creating AD CS templates using these functions. This was built with the intent of using DSC for rapid lab builds. Could also work in production to move templates between AD CS environments.
MIT License
81
stars
24
forks
source link
Certificate template revision numbers should be updated #4
When exporting certificate template, it is considered a duplicate and revision number should not be exported as is, instead, they shall be updated as follows:
-- Revision DS attribute is set to 100.
-- msPKI-Template-Minor-Revision DS attribute is incremented by 1.
Depending on desired template schema version, msPKI-Template-Schema-Version attribute must be set to either, 2, 3 or 4. This should be is user-provided value.
This is because you shall not import V1 (msPKI-Template-Minor-Revision=1) certificate templates. Only custom templates can be imported.
When exporting certificate template, it is considered a duplicate and revision number should not be exported as is, instead, they shall be updated as follows:
--
RevisionDS attribute is set to 100. --msPKI-Template-Minor-RevisionDS attribute is incremented by 1.Depending on desired template schema version,
msPKI-Template-Schema-Versionattribute must be set to either, 2, 3 or 4. This should be is user-provided value.This is because you shall not import V1 (
msPKI-Template-Minor-Revision=1) certificate templates. Only custom templates can be imported.