@mcc85s
Last active February 1, 2023 19:09
To import an NTDS Store Certificate... not yet tested.
# Bennett @ https://stackoverflow.com/questions/21895800/powershell-script-to-install-certificate-into-active-directory-store
# Modified/Simplified
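Function Import-NTDSCertificate
{
    <#
    .SYNOPSIS
    Imports a PFX into LocalMachine\Personal, then copies the certificate's registry
    entry into the NTDS service's Personal store.

    .DESCRIPTION
    The PFX is loaded with its private key persisted in the machine key store, added to
    the LocalMachine\My store, and the resulting registry key is copied to
    HKLM:\Software\Microsoft\Cryptography\Services\NTDS\SystemCertificates\MY\Certificates.
    Writing to HKLM and to the LocalMachine store requires an elevated session.

    .PARAMETER File
    Path to the PFX file. Relative paths are resolved against the current PowerShell location.

    .PARAMETER Password
    Password protecting the PFX.

    .PARAMETER Cleanup
    Remove the certificate entry from LocalMachine\Personal after it has been copied.
    #>
    [CmdletBinding()] Param (
        [Parameter(Mandatory)] [String] $File,
        # NOTE(review): a [String] password ends up in command history, transcripts and
        # script-block logs. The type is kept for caller compatibility; prefer prompting
        # with Read-Host -AsSecureString and passing the value on, then clear it.
        [Parameter(Mandatory)] [String] $Password,
        # Remove certificate from LocalMachine\Personal certificate store
        [Switch] $Cleanup )

    Begin
    {
        Write-Verbose -Message "Importing PFX file."

        # .NET resolves relative paths against the process working directory, not the
        # PowerShell location, so hand it an absolute provider path.
        $PfxPath = (Resolve-Path -LiteralPath $File -ErrorAction Stop).ProviderPath

        # MachineKeySet + PersistKeySet: the private key must live in the machine key store
        # and survive disposal of this object, otherwise the store entry ends up without a
        # usable key. Exportable is kept from the original; drop it unless the key really
        # has to be exported again from this host.
        $Flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags] 'Exportable, MachineKeySet, PersistKeySet'

        # Fully qualified type names replace the Invoke-Expression "Using Namespace" call.
        # The constructor is used instead of Import(), which is not supported on .NET Core.
        $PFX = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new( $PfxPath, $Password, $Flags )

        $Thumbprint = $PFX.Thumbprint
        If ( [String]::IsNullOrEmpty( $Thumbprint ) )
        {
            Throw "No thumbprint could be read from '$PfxPath'; nothing was imported."
        }

        # [0] = LocalMachine\Personal entry, [1] = NTDS\Personal entry
        $Paths = ForEach ( $I in "", "\Cryptography\Services\NTDS" )
        {
            "HKLM:\Software\Microsoft$I\SystemCertificates\MY\Certificates\$Thumbprint"
        }
    }
    Process
    {
        Write-Verbose -Message "Importing certificate into LocalMachine\Personal"
        $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new( "My", "LocalMachine" )
        Try
        {
            # ReadWrite fails at Open() when the session lacks the rights, instead of
            # opening read-only and failing later on Add().
            $Store.Open( 'ReadWrite' )
            $Store.Add( $PFX )
        }
        Finally
        {
            $Store.Close()
        }

        Write-Verbose -Message "Copying certificate from LocalMachine\Personal to NTDS\Personal"

        # The NTDS store keys may not exist yet; create only what is missing
        # (New-Item -Force on an existing key would reset it).
        $Parent = Split-Path -Path $Paths[1] -Parent
        If ( -not ( Test-Path -LiteralPath $Parent ) )
        {
            New-Item -Path $Parent -Force | Out-Null
        }

        # Remove an entry left by an earlier run so the copy replaces it rather than
        # colliding with it.
        If ( Test-Path -LiteralPath $Paths[1] )
        {
            Remove-Item -LiteralPath $Paths[1] -Recurse -ErrorAction Stop
        }

        $Splat = @{
            Path        = $Paths[0]
            Destination = $Paths[1]
            Recurse     = $True
            # Stop here on failure so the End block never removes the only copy.
            ErrorAction = 'Stop'
        }
        Copy-Item @Splat
    }
    End
    {
        If ( $Cleanup )
        {
            # Only the registry entry in LocalMachine\Personal is removed; the private key
            # container is left alone because the NTDS copy refers to it.
            Write-Verbose -Message "Removing certificate from LocalMachine\Personal"
            $Splat = @{
                Path    = $Paths[0]
                Recurse = $True
            }
            Remove-Item @Splat
        }
    }
}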