steve-prentice
commented
9 months ago Hi @Borgquite looking back at this thread, I'm not sure I properly said thank you... so... Thank you! :-)
Closed Borgquite closed 1 year ago
steve-prentice
commented
9 months ago Hi @Borgquite looking back at this thread, I'm not sure I properly said thank you... so... Thank you! :-)
Borgquite
commented
9 months ago @steve-prentice You did under #3 but never hurts to hear it twice! :)
It's possible to test to see if the userCertificate attribute itself has been updated (using Get-ADReplicationAttributeMetadata), rather than just checking the 'Modified' attribute for all computers.
This should mean there's no need to compare Modified and Created to make sure it was created within the last 5 hours. It will also mean computers leaving Hybrid Azure AD and then rejoining (using dscmd.exe /leave, which clears/recreates 'usercertificate' without updating 'Created') can also be detected and synced more quickly.
I have updated the script to do this in my own branch and will offer a pull request shortly.