PowerShell PKI Module Documentation
Add-AdCertificateRevocationList
Synopsis
Adds a certificate revocation list (CRL) to Active Directory.
Syntax
Add-AdCertificateRevocationList [-CdpContainer] <DsCDPContainer> [-CertificateRevocationList] <X509CRL2> [[-HostName] <String>] [-Dispose] [<CommonParameters>]
Description
Adds a certificate revocation list (CRL) to Active Directory. CRLs are stored in Active Directory under 'CN=CDP, CN=Public Key Services, CN=Services, {ConfigurationNamingContext}'. A subcontainer is created under the CDP container for each CA. The subcontainer name is usually the short or NetBIOS name of the CA server; custom names are supported. The subcontainer stores CRL entries for each CA private key. Unlike other AD PKI containers, the contents of the CDP container are not propagated to clients and are used only when an explicit URL is specified in the certificate's CDP (CRL Distribution Points) extension.
Parameters
-CdpContainer <DsCDPContainer>
Specifies the CDP container object to add the CRL to.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
-CertificateRevocationList <X509CRL2>
Specifies the certificate revocation list object to add.
Required? | True |
Position? | 1 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-HostName <String>
Specifies the subcontainer name, which is usually the short or NetBIOS name of the CA computer. This parameter can be omitted when the CRL includes the 'Published CRL Locations' CRL extension, which contains the exact path in Active Directory to publish to. If the CRL doesn't include the 'Published CRL Locations' CRL extension, this parameter is required; if it is omitted in that case, an error is thrown.
Required? | False |
Position? | 2 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Dispose <SwitchParameter>
Disposes the input AD container object. The AD container object holds an active reference to an LDAP object, and it is recommended to release the object when it is no longer needed to avoid memory leaks.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer
Outputs
SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer
Notes
Examples
Example 1
PS C:\> $crl = Get-CRL -Path "c:\pki\contoso subca.crl"
PS C:\> Get-AdPkiContainer -ContainerType CDP | Add-AdCertificateRevocationList -CRL $crl -HostName "subca01" -Dispose
This command reads a CRL object from a file, retrieves the CDP container from Active Directory and writes the CRL to the CDP object. During object creation, a dedicated subcontainer named 'subca01' is created under the CDP container. After the operation completes, the input object (CDP container) is disposed.
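The -HostName rule described under Parameters, as an added example that is not part of the module's own documentation: it checks the CRL for the 'Published CRL Locations' extension (OID 1.3.6.1.4.1.311.21.14) before publishing and fails early when neither the extension nor a host name is available. The helper name Publish-CrlToAd is hypothetical, and the example assumes the X509CRL2 object exposes an Extensions collection.

```powershell
# Added example; Publish-CrlToAd is a hypothetical helper, not a PSPKI cmdlet.
# Assumption: X509CRL2 exposes an Extensions collection of X509Extension objects.
$PublishedCrlLocationsOid = '1.3.6.1.4.1.311.21.14'   # "Published CRL Locations"

function Publish-CrlToAd {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$HostName
    )

    $crl = Get-CRL -Path $Path

    # The extension carries the exact AD path, so -HostName may be omitted
    # only when it is present in the CRL.
    $hasPublishedLocations = [bool]($crl.Extensions |
        Where-Object { $_.Oid.Value -eq $PublishedCrlLocationsOid })

    $params = @{
        CertificateRevocationList = $crl
        Dispose                   = $true   # release the LDAP-backed container
    }

    if ($HostName) {
        Write-Verbose "Publishing to subcontainer '$HostName'."
        $params.HostName = $HostName
    }
    elseif ($hasPublishedLocations) {
        Write-Verbose "Publishing to the path named in 'Published CRL Locations'."
    }
    else {
        # Stop before touching AD rather than letting the cmdlet fail later.
        throw "CRL '$Path' has no 'Published CRL Locations' extension; specify -HostName."
    }

    Get-AdPkiContainer -ContainerType CDP |
        Add-AdCertificateRevocationList @params
}

# Sample values taken from Example 1.
Publish-CrlToAd -Path 'c:\pki\contoso subca.crl' -HostName 'subca01' -Verbose
```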
Related links
Get-AdPkiContainer
Remove-AdCertificateRevocationList
Add-AdCertificate
Remove-AdCertificate
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions