locked
Enable Certificate Template through PowerShell RRS feed

  • Question

  • Afternoon everyone,

    New guy here already with a somewhat peculiar question.

    Due to some very specific need, I´m using a virtualization platform to deploy a Windows 2012 machine.

    For customizing this machine, I need to promote it do a DC, install and configure the DNS and DHCP roles as well as the CA role, everything through bat scripts or PowerShell.

    How far I am into this:

    1) Machine creation - OK
    2) DC Promotion - OK
    3) Configure DNS - OK
    4) Configure DHCP - OK
    5) Install Microsoft CA - OK
    6) Create and configure a Certificate Template - OK
    7) Enable this template - NOT OK

    As you can see, I´m stuck at the exact final part: to enable the template so I can use it to issue certificates.

    Anyway I can do this using PowerShell or some other tool?

    Thank you very much.

    Friday, December 2, 2016 8:43 PM

Answers

  • And I actually managed it.

    I ran Get-CATemplate and noticed that it only returned the enabled templates.

    Therefore, Add-CATemplate is actually a cmdlet that ENABLES a previously created certificate template rather than creates one.

    • Marked as answer by THKB Sunday, December 4, 2016 7:59 PM
    Sunday, December 4, 2016 7:59 PM

All replies

  • Probably you missed the first pinned post in this forum ...  This forum is for scripting questions rather than script requests

    To accomplish your task (actually all your tasks) you can use Desired State Configuration


    Grüße - Best regards

    PS:> (79,108,97,102|%{[char]$_})-join''

    Friday, December 2, 2016 8:48 PM
  • You need to give the correct permissions on the template (read,write,enroll,autoenroll) or it will not be visible as a selection.

    Post in CA forum for more assistance with CA issues.


    \_(ツ)_/

    Friday, December 2, 2016 9:30 PM
  • Actually I wasn´t looking for something ready, but rather some sort of direction on how to do it, since I couldn´t find anything that would allow it.
    Sunday, December 4, 2016 6:22 PM
  • That is indeed true, but doing it manually is not the issue, but how to do it programatically through PowerShell ;-)
    Sunday, December 4, 2016 6:23 PM
  • And I actually managed it.

    I ran Get-CATemplate and noticed that it only returned the enabled templates.

    Therefore, Add-CATemplate is actually a cmdlet that ENABLES a previously created certificate template rather than creates one.

    • Marked as answer by THKB Sunday, December 4, 2016 7:59 PM
    Sunday, December 4, 2016 7:59 PM