
Synopsis

Remove certificate revocation lists from the CRL distribution point (CDP) container in Active Directory.

This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.

Syntax

Unpublish-QADCertificateRevocationList [-CAName] <string[]> [-CRL] <CertificateRevocationListUI[]> [-Connection <ArsConnection>] [-ConnectionAccount <string>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Force] [-Forest <string>] [-Proxy] [-Service <string>] [-UseGlobalCatalog] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

Use this cmdlet to unpublish certificate revocation lists from the CRL distribution point (CDP) container in the Active Directory configuration naming context. The CDP container is the publication point for the certification authorities' (CA) certificate revocation lists (CRL). Publishing a CA's certificate revocation list to the CDP container enables all domain members to verify the revocation status of certificates issued by the CA.

For every Active Directory forest, the CDP container is located in the forest's Configuration naming context, and is therefore replicated to every domain controller in the forest. Note that the CRLs that are available in the CDP container are not automatically deployed into client computers, so CRLs in this container have an effect only on certificates whose CRL distribution points setting specifies the CDP container as a CRL location.

Unpublishing a CRL effectively removes the CRL from a certain CRL distribution point (cRLDistributionPoint) object held in a sub-container of the CDP container, with the sub-container normally identified by the NetBIOS name of a particular CA server computer. The cmdlet allows you to specify one or more CA names for a single unpublish operation.

Parameters

-CAName [<string[]>]

Use this parameter to specify the Certification Authority name for the unpublish operation. When unpublishing a certificate revocation list (CRL), the cmdlet removes the CRL from a certain CRL distribution point (cRLDistributionPoint) object in a sub-container of the CDP container, with the sub-container's name identified by the value of this parameter. A parameter value could be the NetBIOS name of the server running the Certification Authority for which you want to unpublish a certificate revocation list (see examples).

Required?   true
Position?   1
Default value?  
Accept pipeline input?   true (ByPropertyName)
Accept wildcard characters?   false

-Connection [<ArsConnection>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-ConnectionAccount [<string>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-ConnectionPassword [<SecureString>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-Credential [<PSCredential>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-CRL [<CertificateRevocationListUI[]>]

Use this parameter to specify the CRL objects representing the certificate revocation lists to remove. This could be output objects of the Import-QADCertificateRevocationList cmdlet (see examples).

Required?   true
Position?   2
Default value?  
Accept pipeline input?   true (ByValue)
Accept wildcard characters?   false

-Force [<SwitchParameter>]

Supply this parameter to delete the CRL distribution point (cRLDistributionPoint) object from which all certificate revocation lists have been removed by the unpublish operation. Without this parameter, the cmdlet does not delete the cRLDistributionPoint object, even though all certificate revocation lists are removed from that object. This parameter also causes the cmdlet to delete the container that held the deleted cRLDistributionPoint object, if the container is empty.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-Forest [<string>]

Use this parameter to identify the Active Directory forest where you want to unpublish certificate revocation lists. Parameter value is the fully qualified distinguished name of the forest root domain. This parameter only has an effect on the operations being performed through ActiveRoles Server (connection established using the Proxy parameter). In case of a proxy connection, the Forest parameter is required to identify the forest of the target CDP container, since ActiveRoles Server could be configured to manage domains from more than one forest.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   true (ByPropertyName)
Accept wildcard characters?   false

-Proxy [<SwitchParameter>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-Service [<string>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-UseGlobalCatalog [<SwitchParameter>]

For parameter description, see help on the Connect-QADService cmdlet.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-Confirm [<SwitchParameter>]

Prompts you for confirmation before executing the command.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

-WhatIf [<SwitchParameter>]

Describes what would happen if you executed the command without actually executing the command.

Required?   false
Position?   named
Default value?  
Accept pipeline input?   false
Accept wildcard characters?   false

Input Type

Return Type

Notes

Examples

EXAMPLE 1

PS> dir c:\crl | Import-QADCertificateRevocationList | Unpublish-QADCertificateRevocationList -CAName CA3SRV -Force

Description

-----------

Remove the certificate revocation lists found in the files held in the c:\crl folder, from a CRL distribution point object for the CA server named CA3SRV. The Force parameter in this command causes the cmdlet to delete the CRL distribution point object from which all certificate revocation lists are removed.
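The following is an added example, not part of the original cmdlet help: it records what the CDP sub-container for a CA currently holds and then previews the removal with -WhatIf, so the change can be reviewed before clients that rely on this LDAP location lose the CRL. It assumes the CA name CA3SRV and the c:\crl folder from Example 1, the standard location of the CDP container (CN=CDP,CN=Public Key Services,CN=Services under the Configuration naming context), and a domain-joined session with read access to that container.

```powershell
# Added example: inventory the CDP sub-container, then dry-run the unpublish.
# CA3SRV and c:\crl are taken from Example 1; adjust for your environment.
$caName = 'CA3SRV'

# The CDP container lives in the forest's Configuration naming context.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext
$cdpPath  = "LDAP://CN=$caName,CN=CDP,CN=Public Key Services,CN=Services,$configNC"

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($cdpPath)) {
    Write-Warning "No CDP sub-container found for '$caName'; nothing to unpublish."
}
else {
    # List every cRLDistributionPoint object directly under the CA's sub-container.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]$cdpPath
    $searcher.SearchScope = 'OneLevel'
    $searcher.Filter      = '(objectClass=cRLDistributionPoint)'
    foreach ($attr in 'distinguishedName', 'whenChanged',
                      'certificateRevocationList', 'deltaRevocationList') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $before = foreach ($result in $searcher.FindAll()) {
        $base  = $result.Properties['certificaterevocationlist']
        $delta = $result.Properties['deltarevocationlist']
        [pscustomobject]@{
            DistinguishedName = [string]$result.Properties['distinguishedname'][0]
            WhenChanged       = $result.Properties['whenchanged'][0]
            # Size of the stored CRL blobs; 0 means the attribute is empty.
            BaseCrlBytes      = if ($base  -and $base.Count)  { $base[0].Length }  else { 0 }
            DeltaCrlBytes     = if ($delta -and $delta.Count) { $delta[0].Length } else { 0 }
        }
    }

    # Keep this output as the "before" record for the change ticket.
    $before | Format-Table -AutoSize

    # Preview only: -WhatIf reports what would be removed without changing the directory.
    dir c:\crl |
        Import-QADCertificateRevocationList |
        Unpublish-QADCertificateRevocationList -CAName $caName -Force -WhatIf
}
```

Because the Configuration naming context replicates to every domain controller in the forest, re-run the inventory after the real unpublish to confirm the objects are gone on the domain controller you query.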