Determines whether or not a user can log on to Microsoft Communications Server by using a certificate downloaded from the certificate provisioning service.
Syntax
Test-CsClientAuth [-TargetFqdn <String>] -UserCredential <PSCredential> -UserSipAddress <String> [-Force <SwitchParameter>] [-OutVerboseVariable <String>] [-RegistrarPort <Nullable>] [-TargetCertProvWsURL <String>] |
Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
|
TargetFqdn |
Optional |
String |
Fully qualified domain name of the registrar pool where client authentication is to be tested. For example: -TargetFqdn "atl-cs-001.litwareinc.com". |
|
UserSipAddress |
Required |
SIP Address |
SIP address of the user to be used in the test. |
|
UserCredential |
Required |
PS credential object |
User credential object for the user account to be used in the test. The value passed to -UserCredential should be an object reference obtained by using the Get-Credential cmdlet. For example, this code returns a credentials object for the user litwareinc\kenmyer and stores that object in a variable named $x: $x = Get-Credential "litwareinc\kenmyer" You need to supply the user password when running this command. |
|
TargetCertProvWsURL |
Optional |
String |
URL of the certificate provisioning service. If this parameter is not included then the Test-CsClientAuth will use the certificate provisioning service configured for the registrar pool. |
|
RegistrarPort |
Optional |
Integer |
SIP port used by the Registrar service. This parameter is not required if the Registrar uses the default port 5061. |
|
Verbose |
Optional |
Switch Parameter |
Reports detailed activity to the screen as the cmdlet runs. |
|
Force |
Optional |
Switch Parameter |
Suppresses the display of any non-fatal error message that might arise when running the command. |
Detailed Description
Client certificates provide an alternate way for users to be authenticated by Microsoft Communications Server. In order to determine whether or not a user can log on to the system using a client certificate, you can run the Test-CsClientAuth cmdlet. When you run this Test-CsClientAuth you must specify the registrar pool and SIP address of the user account being tested; you must also be able to supply the user’s logon name and password. After calling Test-CsClientAuth, the cmdlet will contact the certificate provisioning service and ask to download a copy of any client certificates for the specified user. If a client certificate can be found and downloaded, Test-CsClientAuth will then attempt to log on using that certificate. If logon succeeds, Test-CsClientAuth will log off and report that the test succeeded. If a certificate cannot be found or downloaded, or if the cmdlet is unable to logon using that certificate then Test-CsClientAuth will report that the test failed.
Return Types
Test-CsClientAuth returns an instance of the Microsoft.Rtc.SyntheticTransactions.TaskOutput object.
Examples
-------------------------- Example 1 --------------------------
 Copy Code |
|
|---|---|
$cred1 = Get-Credential "litwareinc\jhaas" Test-CsClientAuth -TargetFqdn atl-cs-001.litwareinc.com -UserSipAddress "sip:jhaas@litwareinc.com" -UserCredential $cred1 |
|
The commands shown in Example 1 test the ability of the user litwareinc\jhaas to log on to the registrar pool atl-cs-001.litwareinc.com using a client certificate. To carry out this task, the first command in the example uses Get-Credential to create credential object for the user in question. The resulting credential object (which requires you to enter the password for the user) is stored in a variable named $cred1.
The second command then calls Test-CsClientAuth, specifying the fully qualified domain name of the registrar pool (-TargetFqdn), the user’s SIP address (-UserSipAddress) and the credential object created in the initial command (-UserCredential).