How can I check the validity of SSL certificates using the PowerShell script below?



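I need to modify the script below so that I can get a list of servers from AD and then check the validity of any SSL certificate on those servers.

Note: the servers may or may not be running IIS, which is why I am not sure how to run it correctly.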

    $ComputerName = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com"
    [CmdletBinding()]
    param(
        [parameter(Mandatory, ValueFromPipeline)][string[]]$ComputerName,
        [int]$TCPPort = 443,
        [int]$Timeoutms = 3000
    )
    process {
        foreach ($computer in $computerName) {
            $port = $TCPPort
            write-verbose "$computer`: Connecting on port $port"
            [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
            $req = [Net.HttpWebRequest]::Create("https://$computer`:$port/")
            $req.Timeout = $Timeoutms
            try {$req.GetResponse() | Out-Null} catch {write-error "Couldn't connect to $computer on port $port"; continue}
            if (!($req.ServicePoint.Certificate)) {write-error "No Certificate returned on $computer"; continue}
            $certinfo = $req.ServicePoint.Certificate
            $returnobj = [ordered]@{
                ComputerName = $computer;
                Port         = $port;
                Subject      = $certinfo.Subject;
                Thumbprint   = $certinfo.GetCertHashString();
                Issuer       = $certinfo.Issuer;
                SerialNumber = $certinfo.GetSerialNumberString();
                Issued       = [DateTime]$certinfo.GetEffectiveDateString();
                Expires      = [DateTime]$certinfo.GetExpirationDateString();
            }
            new-object PSCustomObject -Property $returnobj
        }
    }

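I am not sure whether you forgot to put the function declaration first, but the following should be the correct format for an advanced function in PowerShell. You can also use the Get-ADComputer cmdlet to supply the default value for the $ComputerName parameter. Try this and see if it works.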

    function Get-ADComputerCert {
        [CmdletBinding()]
        param(
            [int]$TCPPort = 443,
            [int]$Timeoutms = 3000
        )
        process {
            # Names of all enabled computer accounts under the production servers OU
            $ComputerName = (Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com").Name
            foreach ($computer in $computerName) {
                $port = $TCPPort
                write-verbose "$computer`: Connecting on port $port"
                # Accept any certificate so that expired or untrusted ones can still be read.
                # This callback is static: it stays in effect for the rest of the session.
                [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
                $req = [Net.HttpWebRequest]::Create("https://$computer`:$port/")
                $req.Timeout = $Timeoutms
                # Any failed request (including an HTTP error status) skips this host
                try {$req.GetResponse() | Out-Null} catch {write-error "Couldn't connect to $computer on port $port"; continue}
                if (!($req.ServicePoint.Certificate)) {write-error "No Certificate returned on $computer"; continue}
                # Certificate presented by the server during the TLS handshake
                $certinfo = $req.ServicePoint.Certificate
                $returnobj = [ordered]@{
                    ComputerName = $computer;
                    Port         = $port;
                    Subject      = $certinfo.Subject;
                    Thumbprint   = $certinfo.GetCertHashString();
                    Issuer       = $certinfo.Issuer;
                    SerialNumber = $certinfo.GetSerialNumberString();
                    Issued       = [DateTime]$certinfo.GetEffectiveDateString();
                    Expires      = [DateTime]$certinfo.GetExpirationDateString();
                }
                new-object PSCustomObject -Property $returnobj
            }
        }
    }
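
The script above treats any failed HTTPS request as a connection failure and turns off certificate validation for the whole session. As an added example (not part of the original question or answer), the function below performs a bare TLS handshake with TcpClient and SslStream, so it also covers servers that do not run IIS, and reports expiry and chain trust (it does not check host name match). The name Get-TlsCertStatus, the -WarnDays parameter and the status labels are assumptions made for illustration.

```powershell
# Added example, not from the original post; Get-TlsCertStatus and -WarnDays are hypothetical names.
function Get-TlsCertStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string[]]$ComputerName,
        [int]$TCPPort = 443,
        [int]$Timeoutms = 3000,
        [int]$WarnDays = 30
    )
    process {
        foreach ($computer in $ComputerName) {
            $client = New-Object Net.Sockets.TcpClient; $ssl = $null
            $client.ReceiveTimeout = $client.SendTimeout = $Timeoutms
            try {
                # Bounded connect, so hosts with nothing listening do not stall the scan
                if (-not $client.ConnectAsync($computer, $TCPPort).Wait($Timeoutms)) {
                    Write-Warning "$computer`: timed out on port $TCPPort"; continue
                }
                # Accept any certificate for THIS stream only, so expired or untrusted ones can be read
                $acceptAny = [Net.Security.RemoteCertificateValidationCallback]{ $true }
                $ssl = New-Object Net.Security.SslStream -ArgumentList @($client.GetStream(), $false, $acceptAny)
                $ssl.AuthenticateAsClient($computer)
                $cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
                # Evaluate trust explicitly instead of relying on the bypassed callback
                $chain = New-Object Security.Cryptography.X509Certificates.X509Chain
                $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: skip CRL/OCSP lookups
                $trusted = $chain.Build($cert)
                $now  = Get-Date
                $days = [math]::Floor(($cert.NotAfter - $now).TotalDays)
                if     ($now -lt $cert.NotBefore) { $status = 'NotYetValid' }
                elseif ($now -gt $cert.NotAfter)  { $status = 'Expired' }
                elseif (-not $trusted)            { $status = 'Untrusted' }
                elseif ($days -le $WarnDays)      { $status = 'ExpiringSoon' }
                else                              { $status = 'OK' }
                [PSCustomObject]@{
                    ComputerName = $computer; Port = $TCPPort; Status = $status
                    Subject = $cert.Subject; Issuer = $cert.Issuer; Thumbprint = $cert.Thumbprint
                    Expires = $cert.NotAfter; DaysLeft = $days
                    ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
                }
            } catch {
                Write-Warning "$computer`:$TCPPort no TLS certificate retrieved: $($_.Exception.GetBaseException().Message)"
            } finally {
                if ($ssl) { $ssl.Dispose() }
                $client.Close()
            }
        }
    }
}
```

The Name values returned by the Get-ADComputer query above can be piped straight into the function, since -ComputerName accepts pipeline input.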
