PowerShell PKI Module Documentation

Documentation Home
This command is not available in non-domain environments

Add-AdCertificateRevocationList

Synopsis

Adds certificate revocation list (CRL) to Active Directory.

Syntax

Add-AdCertificateRevocationList [-CdpContainer] <DsCDPContainer> [-CertificateRevocationList] <X509CRL2> [[-HostName] <String>] [-Dispose] [<CommonParameters>]

Description

Adds certificate revocation list (CRL) to Active Directory. CRLs are stored in Active Directory under 'CN=CDP, CN=Public Key Services, CN=Services, {ConfigurationNamingContext}'. A subcontainer is created for each CA under CDP container. Subcontainer, usually, is short or NetBIOS name of CA server. Custom names are supported. Subcontainer stores CRL entries for each CA private key. Unlike other AD PKI containers, contents of CDP container is not propagated to clients and are used only when explicit URL is specified in the certificate's CDP (CRL Distribution Points) extension.

Parameters

-CdpContainer <DsCDPContainer>

Specifies the CDP container object to add the CRL to.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-CertificateRevocationList <X509CRL2>

Specifies the certificate revocation list object to add.

Required? True
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? False

-HostName <String>

Specifies the subcontainer name which is usually a short or NetBIOS name of CA computer. This parameter can be omitted when CRL includes 'Published CRL Locations' CRL extension, which includes exact path in Active Directory to publish to. If CRL doesn't include 'Published CRL Locations' CRL extension, this parameter is required, otherwise, an error will be thrown.

Required? False
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Dispose <SwitchParameter>

Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer

Outputs

SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer

Notes

Examples

Example 1

PS C:\> $crl = Get-CRL -Path "c:\pki\contoso subca.crl"
PS C:\> Get-AdPkiContainer -ContainerType CDP | Add-AdCertificateRevocationList -CRL $crl -HostName "subca01" -Dispose

This command reads CRL object from file, retrieves CDP container from Active Directory and writes CRL to CDP object. During object creation, a dedicated subcontainer with name 'subca01' under CDP container is created. After operation completion, input object (CDP container) is disposed.

Related links

Get-AdPkiContainer
Remove-AdCertificateRevocationList
Add-AdCertificate
Remove-AdCertificate

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions