diff --git a/ADCSTemplate.psm1 b/ADCSTemplate.psm1 index 5afdda8..170bac8 100755 --- a/ADCSTemplate.psm1 +++ b/ADCSTemplate.psm1 @@ -238,6 +238,8 @@ Function Get-RandomHex { Publish the template to *ALL* Certificate Authority issuers. Use with caution in production environments. You may want to manually publish to only specific Certificate Authorities in production. In a lab this is ideal. + .PARAMETER PublishOn + String with a Certificate Authority name. Publish the template to this specific Certificate Authority. .NOTES This function does not use the official (complicated) API for PKI management. Instead it creates the exact same AD objects that are generated by the API, @@ -271,7 +273,9 @@ Function Get-RandomHex { [string]$Server = (Get-ADDomainController -Discover -ForceDiscover -Writable).HostName[0], [string[]]$Identity, # = "$((Get-ADDomain).NetBIOSName)\Domain Computers", [switch]$AutoEnroll, - [switch]$Publish + [switch]$Publish, + [string]$PublishOn + ) ### Put GroupName and AutoEnroll into a parameter set @@ -358,12 +362,15 @@ Function Get-RandomHex { #endregion #region ISSUE - If ($Publish) { - ### WARNING: Issues on all available CAs. Test in your environment. + If (($Publish) -or ($PSBoundParameters.ContainsKey('PublishOn'))) { + ### WARNING: Publishes the template on all available CAs if $Publish is set. Test in your environment. $EnrollmentPath = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigNC" $CAs = Get-ADObject -SearchBase $EnrollmentPath -SearchScope OneLevel -Filter * -Server $Server ForEach ($CA in $CAs) { - Set-ADObject -Identity $CA.DistinguishedName -Add @{certificateTemplates=$DisplayName.Replace(' ','')} -Server $Server + $CAName = ($CA -split ",")[0].Substring(3) + If (($Publish) -or ($CAName -eq $PublishOn)) { + Set-ADObject -Verbose -Identity $CA.DistinguishedName -Add @{certificateTemplates=$DisplayName.Replace(' ','')} -Server $Server + } } } #endregion 
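Review bot: The new `.PARAMETER PublishOn` help does not say which name is expected or what happens when it matches nothing. Going by the ISSUE region later in this diff, the value is compared with `-eq` against the CN of each object under `CN=Enrollment Services`, and a name that matches no CA publishes nowhere without an error. Suggested wording: `The CN of a single Enrollment Services object (the CA's name in AD). The template is published on that CA only; if no CA has this name, nothing is published. Ignored when -Publish is also given.`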
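Review bot: `-Publish` and `-PublishOn` can be passed together, and the ISSUE-region test `($Publish) -or ($CAName -eq $PublishOn)` then publishes on every CA, so an operator who meant to limit issuance to one CA silently gets the widest scope. Consider separate parameter sets, or a guard early in the function such as `If ($Publish -and $PSBoundParameters.ContainsKey('PublishOn')) { throw 'Specify either -Publish or -PublishOn, not both.' }`. Declaring the parameter as `[ValidateNotNullOrEmpty()][string]$PublishOn` would also reject an empty name, which currently passes the `ContainsKey` check and matches no CA. The param block starts and ends outside this hunk, so any existing parameter-set attributes are not visible here.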
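Review bot: The CA name is derived with `($CA -split ",")[0].Substring(3)`, which relies on the object's string form being its distinguishedName and gives a wrong value if the CN contains an escaped comma; `$CA.Name` is already returned by Get-ADObject and needs no parsing. A `-PublishOn` value that matches no CA also falls through the loop silently, so the caller cannot tell that the template was never published. The rewrite below filters the CA list once, warns when nothing matches, and drops the hard-coded `-Verbose` so the caller's own preference applies.

```powershell
# … unchanged: $EnrollmentPath assignment …
$CAs = Get-ADObject -SearchBase $EnrollmentPath -SearchScope OneLevel -Filter * -Server $Server
If (-not $Publish) {
    # -PublishOn only: keep the single CA whose name matches exactly
    $CAs = @($CAs | Where-Object { $_.Name -eq $PublishOn })
    If ($CAs.Count -eq 0) {
        Write-Warning "No Certificate Authority named '$PublishOn' was found under $EnrollmentPath; the template was not published."
    }
}
ForEach ($CA in $CAs) {
    Set-ADObject -Identity $CA.DistinguishedName -Add @{certificateTemplates=$DisplayName.Replace(' ','')} -Server $Server
}
```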
@@ -467,4 +474,4 @@ Function Get-RandomHex { Export-ModuleMember -Function *-ADCS* - + \ No newline at end of file