Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to enroll a machine certicate from AD via script

Posted on 2016-08-25
6
Medium Priority
?
37 Views
Last Modified: 2016-09-07
I´m trying to find a way to enroll a machine certificate from a template already published by the Active Directory Enrollment Policy via script because for some reason the GPO configured for that is not having the behaviour expected.

Manually via MMC, I can request and successfully enroll the certificate within the Computer Account. The template is there correctly published etc. but the GPO is not working and I´m reaching my deadline to get it sorted.

So my idea was to deploy a script via SHELL or POWERSHELL but I couldn´t find any way. Bear in mind that my workstation park is Windows 7, so the Get-Certificate command is not an option.

Any idea is welcome. Thanks
0
Comment
Question by:Giuliano Foletto
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 41

Expert Comment

by:footech
ID: 41770831
I'm not aware of a way to request the certificate with PS (but I haven't researched it), but if I were you I would fix or try to find out why the deployment via GPO isn't working, as that's the way I would do it.
0
 

Author Comment

by:Giuliano Foletto
ID: 41771510
Yeah, I´m working on that in parallel. Thanks!
0
 
LVL 41

Expert Comment

by:footech
ID: 41771993
You may want to start a new question on that topic to try to get it resolved.  If you post the link to it here, I will try to follow up.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 20

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 2000 total points
ID: 41772856
You can use the Certreq.exe command with the -Enroll option from the command prompt.
0
 

Accepted Solution

by:
Giuliano Foletto earned 0 total points
ID: 41782013
Well, the Certreq command did help but I´ve learned it doesn´t have a "silent" option and that´s by design. So no automatic deployment via script.

Anyway, I´m working on the GPO resolution that in the end is the "correct", and probably the only, way to deploy automatically a certificate over the network.
0
 

Author Closing Comment

by:Giuliano Foletto
ID: 41787483
In the end I was asking for a workaround that doesn´t exist
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a fine trick which I've found useful many times, when you just don't want to accidentally run a batch script or the commands needs administrator rights.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question