  1. # Import the Active Directory module
  2. Import-Module ActiveDirectory
  3.  
  4. # Define the target computer account (with trailing $)
  5. $computerAccount = "COMPUTERNAME$"
  6.  
  7. # Specify the certificate thumbprint (replace with your
  8. certificate's thumbprint)
  9. $thumbprint =
  10. "ABCDEF0123456789ABCDEF0123456789ABCDEF01"
  11.  
  12. # Retrieve the certificate from the LocalMachine\My store
  13. $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-
  14. Object { $_.Thumbprint -eq $thumbprint }
  15. if (-not $cert) {
  16. Write-Error "Certificate with thumbprint $thumbprint not
  17. found."
  18. return
  19. }
  20.  
  21. # --- Helper Function to Reverse the Serial Number ---
  22. # This function splits the serial number into byte pairs and then reverses their order.
  23. function Reverse-SerialNumber {
  24. param (
  25. [Parameter(Mandatory)]
  26. [string]$Serial
  27. )
  28. # Remove any spaces (if present) and split into pairs (assuming even number of hex digits)
  29. $serialClean = $Serial -replace '\s', ''
  30. $pairs = ([regex]::Matches($serialClean, '..')).Value
  31. # Reverse the array of pairs and join them back together
  32. [array]::Reverse($pairs)
  33. return [string]::Join('', $pairs)
  34. }
  35.  
  36. # --- Extract Certificate Properties ---
  37.  
  38. # Mapping 1: Using Issuer and Subject
  39. $mapping1 = "X509:<I>$($cert.Issuer)<S>$($cert.Subject)"
  40.  
  41. # Mapping 2: Using the Serial Number (reversed)
  42. $reversedSerial = Reverse-SerialNumber -Serial $cert.SerialNumber
  43. $mapping2 = "X509:<SN>$reversedSerial"
  44.  
  45. # Mapping 3: Using Subject Key Identifier (SKI)
  46. # Retrieve the SKI extension (OID 2.5.29.14)
  47. $skiExtension = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.14" }
  48. if ($skiExtension) {
  49. # Format(true) returns the raw hex string (often with spaces); remove spaces for mapping
  50. $rawSki = $skiExtension.Format($true) -replace '\s',''
  51. $mapping3 = "X509:<SKI>$rawSki"
  52. } else {
  53. Write-Warning "Subject Key Identifier not found on the certificate."
  54. $mapping3 = $null
  55. }
  56.  
  57. # Combine the mappings into an array. Omit any that are $null.
  58. $mappings = @($mapping1, $mapping2)
  59. if ($mapping3) { $mappings += $mapping3 }
  60.  
  61. # Output the mapping strings for verification
  62. Write-Output "Mapping Strings to be written to $computerAccount:"
  63. $mappings | ForEach-Object { Write-Output $_ }
  64.  
  65. # --- Write the mappings to the computer account in Active Directory ---
  66. # Use -Replace to overwrite existing altSecurityIdentities; use -Add if you prefer to append.
  67. Set-ADComputer -Identity $computerAccount -Replace @{ altSecurityIdentities = $mappings }
  68.  
  69. Write-Output "Successfully updated altSecurityIdentities for computer account $computerAccount."
  70.  