Client certificates provide a way for users to be authenticated when logging on to Microsoft Communications Server 2010; certificates are particularly useful for phones running Microsoft Communicator “14” Phone Edition and other devices where it is difficult to enter a user name and/or password. The Get-CsClientCertificate cmdlet provides a way for administrators to retrieve information about the client certificates that have been issued to a user.
Syntax
```
Get-CsClientCertificate -Identity <UserIdParameter> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
```
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Identity | Required | User Identity | Indicates the Identity of the user account whose certificate information you want to retrieve. User Identities can be specified using one of four formats: 1) the user's Session Initiation Protocol (SIP) address; 2) the user's Universal Principal Name; 3) the user's domain name and logon name, in the form domain\logon (for example, litwareinc\kenmyer); and 4) the user's Active Directory Domain Services display name (for example, Ken Myer). Note that the SamAccountName cannot be used as an identity because it is not necessarily unique in a forest. |
Force | Optional | Switch Parameter | Suppresses the display of any non-fatal error message that might arise when running the command. |
WhatIf | Optional | Switch Parameter | Describes what would happen if you executed the command without actually executing the command. |
Tenant | Optional | Switch Parameter | Prompts you for confirmation before executing the command. |
Detailed Description
Client certificates provide an alternate way for users to be authenticated by Communications Server 2010. Instead of having to provide a user name and password, users provide an X.509 certificate stored on a smart card or a hardware device such as a cell phone running Communicator “14” Phone Edition. (This certificate must have a Subject Name or Subject Alternate Name that identifies the user, and must be issued by an Enterprise Certificate Authority.) To be authenticated, users only need to type in a PIN; it’s typically easier for cell phone users to type in a PIN than to type in an alphanumeric user name and/or password.
The Get-CsClientCertificate cmdlet provides a way for administrators to retrieve information about the Communications Server client certificates that have been issued to their users. This information includes both the date and time that the certificate was issued, and the date and time when the certificate will expire.
Return Types
Get-CsClientCertificate returns instances of the Microsoft.Rtc.Management.UserPinService.CertInfoDetails object.
Examples
-------------------------- Example 1 ------------------------
```
Get-CsClientCertificate -Identity "Ken Myer"
```
The command shown in Example 1 returns all the client certificates issued to Ken Myer.
-------------------------- Example 2 ------------------------
```
Get-CsClientCertificate -Identity "Ken Myer" | Where-Object {$_.ExpirationTime -lt "9/1/2011"}
```
Example 2 returns all the client certificates issued to Ken Myer that are set to expire before September 1, 2011. To do this, the command first uses Get-CsClientCertificate to return a collection of all the client certificates issued to Ken Myer. This collection is then piped to the Where-Object cmdlet, which picks out only those certificates where the ExpirationTime property is earlier than (i.e., less than: -lt) September 1, 2011 (9/1/2011).
-------------------------- Example 3 ------------------------
```
Get-CsClientCertificate -Identity "Ken Myer" | Where-Object {$_.PublicationTime -gt "1/1/2010"}
```
The preceding command returns all the client certificates that have been issued to Ken Myer since January 1, 2010. To accomplish this task, the command first calls Get-CsClientCertificate to return a collection of all the client certificates issued to Ken Myer. This collection is then piped to Where-Object, which selects the certificates where the PublicationTime property is later than (that is, greater than: -gt) January 1, 2010 (1/1/2010).
-------------------------- Example 4 ------------------------
```
Get-CsUser | Where-Object {$_.RegistrarPool -ne $Null} | Get-CsClientCertificate
```
The command shown in Example 4 returns client certificates for all Communications Server-enabled users who have been assigned to a registrar pool. (An error will be returned if you try to retrieve certificate information for a user who has not been assigned to a registrar pool.) To do this, the command first calls Get-CsUser without any parameters; that returns a collection of all the users who have been enabled for Communications Server. This collection is then piped to the Where-Object cmdlet, which selects only those users where the RegistrarPool property is not equal to (-ne) a null value ($Null). This filtered collection is then piped to Get-CsClientCertificate, which returns the assigned certificates for each user in the collection.
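The expiration and issue-date filters from Examples 2 and 3 can be combined into one audit pass that labels each certificate as expired, expiring soon, or valid and reports its total lifetime. The following is an added example, not part of the original documentation: Test-ClientCertExpiry, its parameters, and the Owner property are hypothetical names, and the sample objects are constructed stand-ins for Get-CsClientCertificate output.

```powershell
# Added example. Test-ClientCertExpiry is a hypothetical helper, not a
# Communications Server cmdlet. It reads only the ExpirationTime and
# PublicationTime properties described on this page; Owner is a label
# the caller attaches so each result can be traced back to a user.
function Test-ClientCertExpiry {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        $Certificate,
        [int]$WarningDays = 30,          # window for the "ExpiringSoon" label
        [datetime]$AsOf = (Get-Date)     # reference date; override for repeatable reports
    )
    process {
        $issued   = [datetime]$Certificate.PublicationTime
        $expires  = [datetime]$Certificate.ExpirationTime
        $daysLeft = [int][math]::Floor(($expires - $AsOf).TotalDays)

        if ($expires -le $AsOf)             { $status = 'Expired' }
        elseif ($daysLeft -lt $WarningDays) { $status = 'ExpiringSoon' }
        else                                { $status = 'Valid' }

        New-Object PSObject -Property @{
            Owner          = $Certificate.Owner
            Status         = $status
            DaysLeft       = $daysLeft
            LifetimeDays   = [int]($expires - $issued).TotalDays
            ExpirationTime = $expires
        } | Select-Object Owner, Status, DaysLeft, LifetimeDays, ExpirationTime
    }
}

# Constructed sample objects standing in for Get-CsClientCertificate output.
$sample = @(
    New-Object PSObject -Property @{ Owner = 'sip:kenmyer@litwareinc.com'; PublicationTime = [datetime]'2010-07-01'; ExpirationTime = [datetime]'2011-07-01' }
    New-Object PSObject -Property @{ Owner = 'sip:kenmyer@litwareinc.com'; PublicationTime = [datetime]'2011-03-01'; ExpirationTime = [datetime]'2011-09-01' }
    New-Object PSObject -Property @{ Owner = 'sip:user2@litwareinc.com';   PublicationTime = [datetime]'2011-01-10'; ExpirationTime = [datetime]'2012-01-10' }
)

# Show only the certificates that need attention as of a fixed date.
$sample | Test-ClientCertExpiry -AsOf ([datetime]'2011-08-15') |
    Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize

# Live use (assumes the Communications Server Management Shell is loaded):
# Get-CsUser | Where-Object {$_.RegistrarPool -ne $Null} | ForEach-Object {
#     $u = $_
#     Get-CsClientCertificate -Identity $u.SipAddress |
#         Add-Member NoteProperty Owner $u.SipAddress -PassThru
# } | Test-ClientCertExpiry
```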