New-FasMsTemplate
Synopsis
Installs a Microsoft Certificate Template file into the current Active Directory environment.
Syntax
New-FasMsTemplate -FileName <String> [-Acl <String>] [<CommonParameters>]
<!--NeedCopy-->
Description
Loads a certificate template XML file and installs it to Active Directory, optionally setting a security descriptor.
Microsoft Certificate Authority uses Certificate Templates to describe the types of certificates that it can issue. This includes information such as the validity period and how the certificate should be authorized.
The Citrix Federated Authentication Service supplies a number of human-readable XML certificate templates that can be reviewed and installed using this commandlet. Alternatively the equivalent templates can be created using the standard Microsoft Certificate Template Administration tools.
By default the ACL placed on the Certificate Template will allow Domain Administrators to have full control and Authenticated Users to have read permission. If this is not suitable the -Acl <SDDL> parameter can be used to specify a security descriptor.
Note that this cmdlet must be run using a High Privilege user account. Equivalent configuration can be done manually using the Microsoft GUI tools, or scripted using the CX509CertificateTemplateADWritable COM object in CertEnroll.dll:
$template = [System.IO.File]::ReadAllBytes(“$Pwd\Citrix_SecureServerRole.certificatetemplate”) $CertEnrol = New-Object -ComObject X509Enrollment.CX509EnrollmentPolicyWebService $CertEnrol.InitializeImport($template) $comtemplate = $CertEnrol.GetTemplates().ItemByIndex(0)
$writabletemplate = New-Object -ComObject X509Enrollment.CX509CertificateTemplateADWritable $writabletemplate.Initialize($comtemplate) $writabletemplate.Commit(1, $NULL)
Examples
Example 1
PS C:\>
C:\PS> New-FasMsTemplate -FileName ./Citrix_SmartcardLogon.certificatetemplate" -Acl "D:PAI(A;OICI;FA;;;DA)"
<!--NeedCopy-->
Description
Read the specified certificate template file and install it into Active Directory applying a “Domain Administrator Full Control” ACL
Parameters
-FileName
Specifies the .certificatetemplate file to install.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: (required)
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->
-Acl
Specify an ACL to apply to the Certificate Template in SDDL format.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: D:PAI(A;OICI;FA;;;DA)(A;;LCRPRC;;;AU)
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
<!--NeedCopy-->
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Variable, based on property name.
This cmdlet does accept input from the pipeline but only by property name.
Outputs
void
This cmdlet does not return a value