Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 40
  • Last Modified:

How to enroll a machine certicate from AD via script

I´m trying to find a way to enroll a machine certificate from a template already published by the Active Directory Enrollment Policy via script because for some reason the GPO configured for that is not having the behaviour expected.

Manually via MMC, I can request and successfully enroll the certificate within the Computer Account. The template is there correctly published etc. but the GPO is not working and I´m reaching my deadline to get it sorted.

So my idea was to deploy a script via SHELL or POWERSHELL but I couldn´t find any way. Bear in mind that my workstation park is Windows 7, so the Get-Certificate command is not an option.

Any idea is welcome. Thanks
0
Giuliano Foletto
Asked:
Giuliano Foletto
  • 3
  • 2
2 Solutions
 
footechCommented:
I'm not aware of a way to request the certificate with PS (but I haven't researched it), but if I were you I would fix or try to find out why the deployment via GPO isn't working, as that's the way I would do it.
0
 
Giuliano FolettoAuthor Commented:
Yeah, I´m working on that in parallel. Thanks!
0
 
footechCommented:
You may want to start a new question on that topic to try to get it resolved.  If you post the link to it here, I will try to follow up.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Peter HutchisonSenior Network Systems SpecialistCommented:
You can use the Certreq.exe command with the -Enroll option from the command prompt.
0
 
Giuliano FolettoAuthor Commented:
Well, the Certreq command did help but I´ve learned it doesn´t have a "silent" option and that´s by design. So no automatic deployment via script.

Anyway, I´m working on the GPO resolution that in the end is the "correct", and probably the only, way to deploy automatically a certificate over the network.
0
 
Giuliano FolettoAuthor Commented:
In the end I was asking for a workaround that doesn´t exist
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now