TrimarcJake / adcs-snippets

Just a bunch of code snippets to identify and remediate common Active Directory Certificate Services issues.
MIT License

Get-ADRootDSE : The server has rejected the client credentials. #2

Open MAXXIT4HACK opened 2 years ago

MAXXIT4HACK commented 2 years ago

Hi, I ran into a small issue when running the PowerShell commands. I received the following error “Get-ADRootDSE : The server has rejected the client credentials.”. We have hardened our AD environment, which I suspect is why the commands did not work. After digging around and testing, I modified the code as below to get things working.

```powershell
# Prompt for a credential and pass it explicitly to each AD cmdlet
$auth = Get-Credential
$ADRoot = (Get-ADRootDSE -Credential $auth).rootDomainNamingContext
$Safe_Owners = "Enterprise Admins|Domain Admins|Administrators"
$ADCS_Objects = Get-ADObject -Credential $auth -Filter * -SearchBase "CN=Public Key Services,CN=Services,CN=Configuration,$ADRoot" -SearchScope 2 -Properties *
# List objects whose owner is not one of the expected groups
$ADCS_Objects | Where-Object { $_.nTSecurityDescriptor.Owner -notmatch $Safe_Owners } | Format-Table Name,DistinguishedName
```

I hope this helps someone who had the same issue.

Regards,
Stephen

TrimarcJake commented 2 years ago

Stephen,

Thank you so much for this solution. Honestly, prompting for credentials should probably be included in all of the snippets. If you'd like to submit a PR to get your code added, I'd love to accept it. But if you want me to do it, I'm okay with that too!

Thanks!
Jake
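
Added example (not code from the repository or from either commenter): one way to make the credential optional for the owner check discussed in this issue, by splatting the same connection parameters into both AD cmdlets. The function name `Get-ADCSUnsafeOwner` and its parameter names are hypothetical; it assumes the ActiveDirectory module is installed, and it requests only `nTSecurityDescriptor` instead of all properties.

```powershell
#Requires -Modules ActiveDirectory

function Get-ADCSUnsafeOwner {   # hypothetical name, not part of adcs-snippets
    [CmdletBinding()]
    param(
        # Optional explicit credential; omit to use the current logon session.
        [System.Management.Automation.PSCredential]$Credential,
        # Optional domain controller to query.
        [string]$Server,
        # Regex of owners treated as safe (same default as the snippet in this issue).
        [string]$SafeOwners = 'Enterprise Admins|Domain Admins|Administrators'
    )

    # Build the connection parameters once so every AD cmdlet receives the same ones.
    $conn = @{}
    if ($PSBoundParameters.ContainsKey('Credential')) { $conn.Credential = $Credential }
    if ($PSBoundParameters.ContainsKey('Server'))     { $conn.Server     = $Server }

    $root = (Get-ADRootDSE @conn).rootDomainNamingContext

    $query = @{
        Filter      = '*'
        SearchBase  = "CN=Public Key Services,CN=Services,CN=Configuration,$root"
        SearchScope = 'Subtree'               # same as -SearchScope 2
        Properties  = 'nTSecurityDescriptor'  # only the attribute the check reads
    }

    # Emit objects (including the owner) so results can be filtered or exported.
    Get-ADObject @conn @query |
        Where-Object { $_.nTSecurityDescriptor.Owner -notmatch $SafeOwners } |
        Select-Object Name, DistinguishedName,
            @{ Name = 'Owner'; Expression = { $_.nTSecurityDescriptor.Owner } }
}

# Current session:     Get-ADCSUnsafeOwner
# Prompt for account:  Get-ADCSUnsafeOwner -Credential (Get-Credential)
```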