[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

Determines whether or not a user can log on to Microsoft Communications Server by using a certificate downloaded from the certificate provisioning service.


Test-CsClientAuth [-TargetFqdn <String>] -UserCredential <PSCredential> -UserSipAddress <String> [-Force <SwitchParameter>] [-OutVerboseVariable <String>] [-RegistrarPort <Nullable>] [-TargetCertProvWsURL <String>]


Parameter Required Type Description




Fully qualified domain name of the registrar pool where client authentication is to be tested. For example: -TargetFqdn "atl-cs-001.litwareinc.com".



SIP Address

SIP address of the user to be used in the test.



PS credential object

User credential object for the user account to be used in the test. The value passed to -UserCredential should be an object reference obtained by using the Get-Credential cmdlet. For example, this code returns a credentials object for the user litwareinc\kenmyer and stores that object in a variable named $x:

$x = Get-Credential "litwareinc\kenmyer"

You need to supply the user password when running this command.




URL of the certificate provisioning service. If this parameter is not included then the Test-CsClientAuth will use the certificate provisioning service configured for the registrar pool.




SIP port used by the Registrar service. This parameter is not required if the Registrar uses the default port 5061.



Switch Parameter

Reports detailed activity to the screen as the cmdlet runs.



Switch Parameter

Suppresses the display of any non-fatal error message that might arise when running the command.

Detailed Description

Client certificates provide an alternate way for users to be authenticated by Microsoft Communications Server. In order to determine whether or not a user can log on to the system using a client certificate, you can run the Test-CsClientAuth cmdlet. When you run this Test-CsClientAuth you must specify the registrar pool and SIP address of the user account being tested; you must also be able to supply the user’s logon name and password. After calling Test-CsClientAuth, the cmdlet will contact the certificate provisioning service and ask to download a copy of any client certificates for the specified user. If a client certificate can be found and downloaded, Test-CsClientAuth will then attempt to log on using that certificate. If logon succeeds, Test-CsClientAuth will log off and report that the test succeeded. If a certificate cannot be found or downloaded, or if the cmdlet is unable to logon using that certificate then Test-CsClientAuth will report that the test failed.

Return Types

Test-CsClientAuth returns an instance of the Microsoft.Rtc.SyntheticTransactions.TaskOutput object.


-------------------------- Example 1 --------------------------

Copy Code
$cred1 = Get-Credential "litwareinc\jhaas"

Test-CsClientAuth -TargetFqdn atl-cs-001.litwareinc.com -UserSipAddress "sip:jhaas@litwareinc.com" -UserCredential $cred1

The commands shown in Example 1 test the ability of the user litwareinc\jhaas to log on to the registrar pool atl-cs-001.litwareinc.com using a client certificate. To carry out this task, the first command in the example uses Get-Credential to create credential object for the user in question. The resulting credential object (which requires you to enter the password for the user) is stored in a variable named $cred1.

The second command then calls Test-CsClientAuth, specifying the fully qualified domain name of the registrar pool (-TargetFqdn), the user’s SIP address (-UserSipAddress) and the credential object created in the initial command (-UserCredential).