Hello Ben Wosjke,
Thank you for posting in Q&A forum.
1.Hi all - tag entered as "Active directory" as there does not appear to be a tag for "certificate Authority" or "PKI"
A: Yes, you are selecting the correct tag.
*
2.certutil -deleterow 01/01/2016 request*
A: From the example below, your command means it deletes failed and pending requests submitted before January 1, 2016.
3.Is anyone able to tell me how "certutil -DeleteRow" works? i.e. does it work through each record in the ese database and check? or is it a bit smarter using statements to narrow down the fields?
A: I think it is a bit smarter using statements to narrow down the fields.
For example:
In my lab, the first runs fast (takes maybe one second). The second takes 3-4 seconds to run.
4.just trying to work out if its better to run smaller cleanup's.... or if its going to take the same amount of time, every time (as it checks every row) - just one big cleanup.
A: I think it is better to run smaller cleanups.
For more information, please refer to link below.
certutil
https://learn.microsoft.com/zh-cn/windows-server/administration/windows-commands/certutil
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.