PowerShell PKI Module Documentation

This command is not available in non-domain environments

Remove-AdCertificate

Synopsis

Removes a certificate from an AD PKI container.

Syntax

Remove-AdCertificate -AdContainer <DsPkiCertContainer> -Certificate <DsCertificateEntry[]> [-ForceDelete] [-Dispose] [<CommonParameters>]

Remove-AdCertificate -AdContainer <DsPkiCertContainer> -Thumbprint <String[]> [-ForceDelete] [-Dispose] [<CommonParameters>]

Description

Removes a certificate from an AD PKI container. A single container may contain multiple CA certificate objects. The exact object to remove is determined by the AD certificate entry.

Parameters

-AdContainer <DsPkiCertContainer>

Specifies the AD PKI certificate container that is searched for the object. The object is removed when found.

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-Certificate <DsCertificateEntry[]>

Specifies one or more certificate objects to remove. Certificate objects can be retrieved from the Certificates property of the input DsPkiCertContainer container.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-ForceDelete <SwitchParameter>

Deletes the associated Active Directory entry when all certificate objects are removed from the container. This operation keeps Active Directory in a cleaner state by removing empty objects.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Dispose <SwitchParameter>

Disposes the input AD container object. The AD container object holds an active reference to an LDAP object, and it is recommended to release the object when it is no longer needed to avoid memory leaks.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Thumbprint <String[]>

Specifies an array of strings that represent the thumbprints of the certificates to remove. All certificates with a matching thumbprint will be deleted from the Active Directory PKI certificate container.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.ActiveDirectory.DsPkiCertContainer

Outputs

SysadminsLV.PKI.Management.ActiveDirectory.DsPkiContainer

Notes

Examples

Example 1

PS C:\> Get-AdPkiContainer -ContainerType NTAuth | Remove-AdCertificate -Thumbprint "EC9385E533782453D5C285B2A67311447FB57A6F", "3E778F108E7DC983939732AFAC3EE89383478973" -Dispose

This command retrieves the NTAuth container from Active Directory and removes all certificate occurrences with the specified certificate thumbprints. After the operation completes, the input object (NTAuth container) is disposed.

Example 2

PS C:\> $aia = Get-AdPkiContainer -ContainerType AIA
PS C:\> $entries = $aia.Certificates | Where-Object {$_.Name -eq "Contoso CA"}
PS C:\> Get-AdPkiContainer -ContainerType AIA | Remove-AdCertificate -Certificate $entries -Dispose -ForceDelete

The first line retrieves the AIA (SubCA) container from Active Directory. The second line selects all certificate entries for "Contoso CA" in the specified container. The third line removes the selected entries from the AIA container and deletes the empty CA entry from Active Directory. After the operation completes, the input object (AIA container) is disposed.
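
The following is an added example, not part of the module's own documentation: it compares the NTAuth container against an approved thumbprint list, saves a DER copy of every unapproved certificate, and then removes exactly those entries with -Certificate. It assumes each DsCertificateEntry exposes its X509Certificate2 object through a Certificate property; the thumbprints in $approved and the path in $backupDir are constructed placeholders.

```powershell
# Added example, not part of the PSPKI documentation.
# Assumption: each DsCertificateEntry exposes its X509Certificate2 object
# through a 'Certificate' property.
Import-Module PSPKI

# Constructed placeholder thumbprints: replace with your approved CA certificates.
$approved = @(
    '0000000000000000000000000000000000000001',
    '0000000000000000000000000000000000000002'
)
$backupDir = 'C:\PkiBackup\NTAuth'   # hypothetical backup location

$ntauth = Get-AdPkiContainer -ContainerType NTAuth
try {
    # Select entries whose thumbprint is not on the approved list
    # (-notcontains compares strings case-insensitively).
    $stale = @($ntauth.Certificates |
        Where-Object { $approved -notcontains $_.Certificate.Thumbprint })

    if ($stale.Count -eq 0) {
        Write-Output 'NTAuth holds only approved certificates; nothing removed.'
    } else {
        # Keep a DER copy of every certificate before it is removed,
        # so the change can be reviewed and reverted later.
        New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
        foreach ($entry in $stale) {
            $file = Join-Path $backupDir ($entry.Certificate.Thumbprint + '.cer')
            [System.IO.File]::WriteAllBytes($file, $entry.Certificate.RawData)
            Write-Output ('Backed up {0} ({1})' -f $entry.Name, $entry.Certificate.Thumbprint)
        }

        # Remove exactly the selected entries. -Dispose is omitted here
        # because the container is released in the finally block.
        $ntauth | Remove-AdCertificate -Certificate $stale | Out-Null
        Write-Output ('Removed {0} entries from NTAuth.' -f $stale.Count)
    }
} finally {
    # Release the LDAP reference on every path, including errors.
    if ($ntauth -is [System.IDisposable]) { $ntauth.Dispose() }
}
```

Passing the selected entries with -Certificate, rather than a list with -Thumbprint, limits the removal to the objects that were reviewed and backed up.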

Related links

Get-AdPkiContainer
Add-AdCertificate
Add-AdCertificateRevocationList
Remove-AdCertificateRevocationList

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions