Need help on creating script to check server certificate expiration

  • Question

  • Hi Experts,

    I need your help on creating a script for checking certificate expiration for Exchange 2010 and Lync servers.

    So far, here are the requirements:

    Organize AD or provide some way to interrogate and get an accurate list of Exchange 2010, Lync FE servers

    * Script should generate only servers with a certificate expiring within 2 weeks

    As of now, here's the script we're using. But this script gets the servers from a text file.

    # Remove the error log left by the previous run so each run produces a fresh one
    $errLogFile = "ErrorLog.html"
    If (Test-Path $errLogFile) {
        Remove-Item $errLogFile
    }

    # Server list currently comes from a text file (one name per line); the
    # commented-out line is the AD query that was tried instead
    #Import-Module ActiveDirectory
    $ComputerName = Get-Content "Servers.txt"
    #$ComputerName = Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -SearchBase "OU=SYSTEMS,DC=ASM,DC=LAN" -Properties operatingSystem | Where-Object {$_.DistinguishedName -notlike "*OU=Office Servers,OU=SYSTEMS,DC=ASM,DC=LAN" -and $_.DistinguishedName -notlike "*OU=Desktop Engineering,OU=SYSTEMS,DC=ASM,DC=LAN" -and $_.DistinguishedName -notlike "*OU=Unity,OU=SYSTEMS,DC=ASM,DC=LAN" -and $_.DistinguishedName -notlike "*OU=Retail Voicemail Servers,OU=SYSTEMS,DC=ASM,DC=LAN"} | Select-Object Name | Sort-Object Name | ForEach-Object {$_.Name.ToString()}

    # Read every certificate in the local machine personal store of each server and
    # return one object per certificate. Remoting failures are collected in $WRMErr
    # instead of stopping the run (the + appends to any earlier errors).
    $output = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-ChildItem CERT:\localmachine\my | ForEach-Object {
            $obj = New-Object -TypeName PSObject
            $obj | Add-Member -MemberType NoteProperty -Name ComputerName -Value ([System.Net.Dns]::GetHostName())
            $obj | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $_.FriendlyName
            $obj | Add-Member -MemberType NoteProperty -Name DaysRemaining -Value ($_.NotAfter - (Get-Date)).Days
            $obj | Add-Member -MemberType NoteProperty -Name Expiration -Value $_.NotAfter
            $obj | Add-Member -MemberType NoteProperty -Name Subject -Value $_.Subject
            Write-Output $obj
        }
    } -ErrorAction SilentlyContinue -ErrorVariable +WRMErr | Select-Object ComputerName, FriendlyName, DaysRemaining, Expiration, Subject | Sort-Object DaysRemaining

    # Earlier variant that kept only certificates with 90 days or less remaining
    #-ErrorAction SilentlyContinue -ErrorVariable +WRMErr | Select-Object ComputerName, FriendlyName , DaysRemaining, Expiration, Subject | Where-Object {$_.DaysRemaining -le 90} | Sort-Object DaysRemaining

    # Inline CSS for the HTML report
    $head = "<style>
    body {
        font-family:Arial;
    }
    
    table {
        border-width: 1px;
        width:800px;
        border-style: solid;
        border-color: black;
        border-collapse: collapse;
    }
    
    table th {
        font-size:12px;
        color:white;
        text-align:left;
        border-width: 1px;
        padding: 3px;
        border-style: solid;
        border-color: black;
        background-color:#003366
    }
    
    table td {
        font-size:11px;
        border-width: 1px;
        padding: 3px;
        border-style: solid;
        border-color: black
    }
    
    table tr:nth-child(odd) {
        background: #CCC
    }
    
    table tr:nth-child(even) {
        background: #FFF
    }
    </style>"
    $header = "<B> Cert Report <BR> Date: " + (get-date -format g) + "</B><BR><BR>"
    $title = "Cert Report"

    # Mail the report only when at least one certificate came back; attach the
    # remoting error log when some server could not be reached.
    # ($null on the left side avoids the array-filtering behaviour of -ne.)
    # The -To / -From addresses and the SMTP server still have to be filled in.
    If ($null -ne $output) {
        $body = $output | ConvertTo-Html -Head $head -Body $header -Title $title | Out-String

        If ($WRMErr) {
            $WRMErr | Select-Object ErrorDetails | ConvertTo-Html -Head $head | Out-File $errLogFile
            Send-MailMessage -To "" -From "" -Subject $title -Body $body -Attachments $errLogFile -BodyAsHtml -SmtpServer server
        } Else {
            Send-MailMessage -To "" -From "" -Subject $title -Body $body -BodyAsHtml -SmtpServer server
        }
    }

    # Reset the accumulated error list so a later run in the same session starts clean
    $WRMErr = $null

    Hope you could help me with this and let me know if you have questions. 

    Thanks in advance!

    Reynald




    • Edited by reynald13 Friday, October 17, 2014 11:59 PM
    Friday, October 17, 2014 11:57 PM
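As an added example (not the poster's script, and not from anyone in the thread), here is the certificate collector reworked so the 2-week requirement is applied in one place and the server list is supplied by the caller, with unreachable servers reported separately. The Get-ADComputer filter and SearchBase are placeholders to be replaced with the real OU, and the remote side is written to stay compatible with PowerShell 2.0.

```powershell
function Get-ExpiringServerCertificate {
    param(
        [Parameter(Mandatory=$true)][string[]]$ComputerName,
        [int]$DaysThreshold = 14            # requirement from the post: 2 weeks
    )

    # One object per certificate in the machine personal store of every server.
    # Certificates without a private key (CA / peer copies) cannot serve TLS,
    # so they are skipped to keep the report to certificates that can expire
    # a service. Select-Object keeps the remote code PowerShell 2.0 compatible.
    $certs = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.HasPrivateKey } |
            Select-Object @{n='ComputerName';e={$env:COMPUTERNAME}},
                          FriendlyName, Subject, Thumbprint,
                          @{n='Expiration';e={$_.NotAfter}},
                          @{n='DaysRemaining';e={[int][math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)}}
    } -ErrorAction SilentlyContinue -ErrorVariable remoteErrors

    # -le also catches certificates that have already expired (negative days).
    # @() keeps a single hit from being unrolled so .Count is reliable.
    $expiring = @($certs | Where-Object { $_.DaysRemaining -le $DaysThreshold } |
        Sort-Object DaysRemaining)

    New-Object PSObject -Property @{
        Expiring = $expiring
        Errors   = @($remoteErrors | ForEach-Object { $_.ToString() })  # WinRM failures
    }
}

# Server list from AD instead of Servers.txt (placeholder SearchBase; assumption)
Import-Module ActiveDirectory
$servers = Get-ADComputer -Filter 'OperatingSystem -like "Windows *Server*"' `
    -SearchBase 'OU=SYSTEMS,DC=example,DC=lan' | Select-Object -ExpandProperty Name

$report = Get-ExpiringServerCertificate -ComputerName $servers -DaysThreshold 14
if ($report.Expiring.Count -gt 0) {
    # Plug into the existing ConvertTo-Html / Send-MailMessage step from the post
    $report.Expiring | ConvertTo-Html -Title 'Cert Report' | Out-File 'CertReport.html'
}
$report.Errors | ForEach-Object { Write-Warning $_ }
```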

Answers

  • In fact, looking at your posted script, it is not the correct or easy method.

    Get-CsCertificate does this. http://technet.microsoft.com/en-us/library/gg398227.aspx

    You will find the same for Exchange.

    Two things that will help you.  One is to hire a trained consultant and the other is to post in the CS (Lync) forum as your needs are mostly product specific.

    I also recommend researching the issue until you understand it well enough to ask a specific question.


    ¯\_(ツ)_/¯

    • Marked as answer by reynald13 Saturday, October 18, 2014 6:55 PM
    Saturday, October 18, 2014 1:31 PM
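As an added example (not the answer's code), here is the same 2-week check built on the product cmdlets the answer points to, so the server list comes from the Lync topology and the Exchange organization rather than a text file. It assumes the Lync Server and Exchange 2010 management shell modules are available to the calling account with the rights those cmdlets need, that PowerShell remoting to the Lync servers is allowed, and that filtering Get-ExchangeServer on major version 14 is the right way to pick out Exchange 2010 in this environment.

```powershell
Import-Module Lync
$threshold = 14
$now = Get-Date

# Lync: Get-CsComputer lists every server in the topology. Get-CsCertificate is
# computer-scoped, so it is run on each member; Edge servers outside the domain
# will not answer WinRM and are simply skipped by -ErrorAction SilentlyContinue.
$lyncCerts = Get-CsComputer | ForEach-Object {
    Invoke-Command -ComputerName $_.Fqdn -ErrorAction SilentlyContinue -ScriptBlock {
        Import-Module Lync
        Get-CsCertificate | Select-Object @{n='Product';e={'Lync'}},
            @{n='Server';e={$env:COMPUTERNAME}},
            @{n='Use';e={$_.Use}},
            Subject, Thumbprint, NotAfter
    }
}

# Exchange 2010 reports AdminDisplayVersion "Version 14.x"; Get-ExchangeCertificate
# accepts -Server, so no remoting is needed on this side.
$exchCerts = Get-ExchangeServer |
    Where-Object { $_.AdminDisplayVersion -like 'Version 14.*' } |
    ForEach-Object {
        $srv = $_.Name
        Get-ExchangeCertificate -Server $srv | Select-Object @{n='Product';e={'Exchange 2010'}},
            @{n='Server';e={$srv}},
            @{n='Use';e={$_.Services}},
            Subject, Thumbprint, NotAfter
    }

# Merge both lists (@() guards against a single result or an empty side), then
# keep only certificates at or below the threshold; expired ones come out negative.
$expiring = @($lyncCerts) + @($exchCerts) |
    Select-Object *, @{n='DaysRemaining';e={[int][math]::Floor(($_.NotAfter - $now).TotalDays)}} |
    Where-Object { $_.DaysRemaining -le $threshold } |
    Sort-Object DaysRemaining

$expiring | Format-Table Product, Server, Use, DaysRemaining, Subject -AutoSize
```

The `$expiring` objects can be piped into the `ConvertTo-Html` and `Send-MailMessage` steps from the original post in place of `$output`.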

All replies

  • Yes - I have a question:  What is your question?

    You posted a few statements but no question.  What is your question?


    ¯\_(ツ)_/¯

    Saturday, October 18, 2014 12:23 AM
  • Thanks JRV. Sorry for the confusion. I'm asking if someone can modify the script to meet our existing requirements like how to get all Exchange 2010 and Lync servers in our environment and put it inside our existing script.

    Thanks

    Reynald



    Saturday, October 18, 2014 9:13 AM

    The way that you need to do this is to contact a consultant trained in your technologies and in scripting, then have them modify the script to your specifications.

    An alternate method would be to send someone in your organization out to be trained in these technologies.

    This forum is not for free consulting or script maintenance.  It is for technicians who need answers to specific questions about scripting.

    We are not an employment agency. Do you have a specific question?


    ¯\_(ツ)_/¯


    • Edited by jrv Saturday, October 18, 2014 1:15 PM
    Saturday, October 18, 2014 1:15 PM
  • Alternately you can go here: http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    or here: https://gallery.technet.microsoft.com/ScriptCenter/

    Once you learn how to query your AD structure for the computers you can use the information to modify your script.

    Start by using a new script to create the text file. This can be done using Get-AdComputer and a filter.

    I recommend contacting the person who wrote the original script and having them modify it to your new specifications.


    ¯\_(ツ)_/¯


    • Edited by jrv Saturday, October 18, 2014 1:20 PM
    Saturday, October 18, 2014 1:19 PM
  • Here is a good example of how to find and manage all Lync servers: http://msunified.net/2014/05/05/script-to-find-current-cumulative-updates-on-lync-servers-in-a-deployment/


    ¯\_(ツ)_/¯

    Saturday, October 18, 2014 1:22 PM
  • Also look into using the Lync Server CmdLets and not the raw AD access: http://technet.microsoft.com/en-us/library/gg425959.aspx


    ¯\_(ツ)_/¯

    Saturday, October 18, 2014 1:26 PM
  • Thanks for all your suggestions. This will be enough to work things out.


    Saturday, October 18, 2014 6:55 PM

    I tried to give you enough to sort out a direction.  The script you posted has very little to do with the question you asked.  The certs used by the CC and Exchange servers are managed by the service and there are CmdLets that get that information from the service. The servers you have are in AD and can be found using the service special CmdLets.

    I aggressively recommend that you either get someone in your organization trained in these technologies or contact a consultant to help you.  You will need it going forwards.  These technologies cannot be easily managed by non-technical admins.


    ¯\_(ツ)_/¯

    Saturday, October 18, 2014 7:27 PM