List all expiring certificates on all domain joined servers

A colleague asked me if I could list all expiring certificates on all Domain Joined servers in the environment.
– Sure!

A few minutes later, I had a script that connects to all servers and lists certificates that will expire in less than 90 days. I’m sure there are a thousand scripts out there that do the same, and here is script number 1001.

The script gets all Windows Server computer accounts that are not expired and are not virtual objects (like a Cluster Service).
It then connects to those servers and lists all certificates that will expire in less than 90 days.

Short and easy to use, and we did find 2 certificates that need to be replaced ASAP!
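A sketch of the approach described above, as an added example that is not the original script from this post. Assumptions: "not expired" is read as "account not disabled", cluster virtual objects are recognised by their `MSClusterVirtualServer` SPN, and only the `Cert:\LocalMachine\My` store is checked. It needs the ActiveDirectory module and PowerShell remoting enabled on the targets.

```powershell
# Added example, not the post's original script.
Import-Module ActiveDirectory

$DaysAhead = 90   # threshold used in the post

# Assumed filter: Windows Server computer accounts that are not disabled,
# excluding failover-cluster virtual computer objects (matched on their SPN).
$ldapFilter = '(&(objectCategory=computer)(operatingSystem=Windows Server*)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
              '(!(servicePrincipalName=MSClusterVirtualServer/*)))'

# Skip accounts that have no DNS host name registered in AD.
$servers = Get-ADComputer -LDAPFilter $ldapFilter -Properties DNSHostName |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName

if (-not $servers) { throw 'No matching computer accounts found.' }

# Run the check on every server in parallel; collect connection errors
# instead of stopping at the first unreachable host.
$results = Invoke-Command -ComputerName $servers -ArgumentList $DaysAhead `
    -ErrorAction SilentlyContinue -ErrorVariable remoteErrors -ScriptBlock {
        param($Days)
        $now   = Get-Date
        $limit = $now.AddDays($Days)
        Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.NotAfter -lt $limit } |
            Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
                @{ Name = 'AlreadyExpired'; Expression = { $_.NotAfter -lt $now } }
    }

# PSComputerName is added by remoting and identifies the source server.
$results |
    Sort-Object NotAfter |
    Select-Object PSComputerName, Subject, Thumbprint, NotAfter, AlreadyExpired, HasPrivateKey |
    Format-Table -AutoSize

# A server that did not answer has an unknown certificate state, so report it.
foreach ($err in $remoteErrors) {
    Write-Warning "Remote check failed: $($err.Exception.Message)"
}
```

Certificates that have already expired are included and flagged in the `AlreadyExpired` column, so they are not confused with ones that are merely close to expiry.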

1 thought on “List all expiring certificates on all domain joined servers”

  1. I get Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri
    parameter, or pass URI objects instead of strings.
    At E:\scripts\GetMemberServers_Certs.ps1:1 char:1
    + Invoke-Command -ComputerName (get-adcomputer -LDAPFilter “(&(objectCategory=comp …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
    + FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand
