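# Löscht vorhandene OID Display Names

```powershell
# Deletes the msPKI-Enterprise-Oid object (flags = 2) whose display name
# matches the value entered by the operator.
# Uses the ActiveDirectory module cmdlets and modifies the forest-wide
# configuration partition.
$config = (Get-ADRootDSE).configurationNamingContext
# $domain is not used below; kept so the three snippets share the same preamble.
$domain = (Get-ADDomain -Current LoggedOnUser).DistinguishedName
#$groupDN = Read-Host "Enter the Group Distinguished Name"
$OID = Read-Host "Enter the OID Display Name"

if ($OID -ne "") {
    # -like accepts wildcards, so an input such as "*" can match many OID
    # objects. @() forces an array so that .Count is reliable for 0/1/n hits.
    $IP = @(Get-ADObject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and (flags -eq "2") -and (DisplayName -like $OID)} `
        -SearchBase "CN=OID,CN=Public Key Services,CN=Services,$config" `
        -Properties "displayName","Name","msPKI-Cert-Template-OID","msDS-OIDToGroupLink")

    if ($IP.Count -eq 1) {
        # Exactly one match: safe to hand a single DN to Remove-ADObject.
        Remove-ADObject -Identity $IP[0].DistinguishedName
    }
    else {
        # Zero or several matches: refuse to delete instead of passing
        # $null or a list of DNs to Remove-ADObject.
        Write-Warning ("Expected exactly one matching OID object, found {0}; nothing was deleted." -f $IP.Count)
    }
}
```

# Zeigt alle OID Display Names und die Group Display Names auf

```powershell
# Read-only report: lists every msPKI-Enterprise-Oid object with flags = 2
# together with the name of the group referenced by msDS-OIDToGroupLink.
# Useful for reviewing which OIDs currently map to a group.
$config = (Get-ADRootDSE).configurationNamingContext
# $domain is not used below; kept so the three snippets share the same preamble.
$domain = (Get-ADDomain -Current LoggedOnUser).DistinguishedName

"Available OIDs for Authentication Assurance and linked Groups:"

$oids = Get-ADObject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and (flags -eq "2")} `
    -SearchBase "CN=OID,CN=Public Key Services,CN=Services,$config" `
    -Properties "displayName","msDS-OIDToGroupLink"

"{0,-30} {1,-30}" -f "OID Display Name","Group Display Name"
"-------------------------------------------------"

$oids | ForEach-Object {
    $groupDN = $PSItem."msDS-OIDToGroupLink"
    if ($null -ne $groupDN) {
        # Resolve the linked DN to the object's Name for display.
        $groupName = (Get-ADObject -Identity $groupDN).Name
    }
    else {
        # No group linked to this OID; the second column stays empty.
        $groupName = $null
    }
    "{0,-30} {1,-30}" -f $PSItem.DisplayName, $groupName
}
```

# Verknüpft OIDs und Group Display Names

```powershell
# Links an OID object (flags = 2) to a group by writing the group's DN into
# msDS-OIDToGroupLink, or clears the link when no group DN is entered.
# The link is privilege-relevant: with Authentication Mechanism Assurance, a
# logon with a certificate carrying this OID adds the linked group to the
# user's token, so review the target group before running this.
$config = (Get-ADRootDSE).configurationNamingContext
# $domain is not used below; kept so the three snippets share the same preamble.
$domain = (Get-ADDomain -Current LoggedOnUser).DistinguishedName
$groupDN = Read-Host "Enter the Group Distinguished Name"
$OID = Read-Host "Enter the OID Display Name"

# -like accepts wildcards; @() forces an array so .Count works for 0/1/n hits.
$IP = @(Get-ADObject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and (flags -eq "2") -and (DisplayName -like $OID)} `
    -SearchBase "CN=OID,CN=Public Key Services,CN=Services,$config" `
    -Properties "displayName","Name","msPKI-Cert-Template-OID","msDS-OIDToGroupLink")

if ($IP.Count -ne 1) {
    # Refuse to write when the display name is missing or ambiguous, so the
    # link is never set or cleared on an unintended OID object.
    Write-Warning ("Expected exactly one matching OID object, found {0}; nothing was changed." -f $IP.Count)
}
else {
    $oidDN = $IP[0].DistinguishedName
    Write-Output $oidDN

    if ($groupDN -ne "") {
        # Confirm the DN really is a group before writing the link; a typo or
        # a non-group DN stops here instead of reaching Set-ADObject.
        $group = Get-ADGroup -Identity $groupDN -Properties Members -ErrorAction Stop

        # NOTE(review): Authentication Mechanism Assurance is documented as
        # expecting an empty universal security group; confirm for your forest.
        if ($group.GroupScope -ne "Universal" -or $group.GroupCategory -ne "Security") {
            Write-Warning "The target group is not a universal security group."
        }
        if (@($group.Members).Count -gt 0) {
            Write-Warning "The target group already has direct members."
        }

        Set-ADObject -Identity $oidDN -Replace @{"msDS-OIDToGroupLink" = $groupDN}
    }
    else {
        # Empty input removes an existing OID-to-group link.
        Set-ADObject -Identity $oidDN -Clear "msDS-OIDToGroupLink"
    }
}
```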