Get-RmsChildCert
Get-RmsChildCert
Returns all child certificates from a parent certificate used in a user request for the Active Directory Rights Management Services (AD RMS) cluster.
Syntax
Get-RmsChildCert [-StartTime <DateTime>] [-EndTime <DateTime>] -ParentCertId <String> -ParentCertType <String> [-Path] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]
Detailed Description
This cmdlet returns all issuance licenses from a parent client licensor certificate (CLC) or all end-user licenses (EULs) from a parent issuance license used in a user request on the Active Directory Rights Management Services (AD RMS) cluster.
To obtain licenses, specify the ParentCertID and ParentCertType of the parent certificate for which you want to retrieve child certificates and then set the Path parameter to the AD RMS provider drive subpath “<PSDrive>:\Report” where <PSDrive> is the provider drive ID. You can also specify a relative path. For example, “.” specifies the current location.
Use the Get-RmsCertChain cmdlet to obtain the ParentCertID and the ParentCertType of the certificate for which you to retrieve child certificates. The ParentCertID value returned is valid only for the cluster identified by the Path parameter of Get-RmsCertChain. You cannot use a ParentCertID to identify the same certificate in different clusters.
Parameters
-StartTime <DateTime>
Specifies the beginning of a time period. This parameter specifies a time value.
The following examples show commonly-used syntax to specify a time. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date.
- “4/17/2006”
- “Monday, April 17, 2006”
- “2:22:45 PM”
- “Monday, April 17, 2006 2:22:45 PM”
These examples specify the same date and the time without the seconds.
- "4/17/2006 2:22 PM”
- "Monday, April 17, 2006 2:22 PM"
- "2:22 PM”
The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT).
-"Mon, 17 Apr 2006 21:22:48 GMT”
The following example shows how to specify a round-trip value as Coordinated Universal Time (UTC). This example represents Monday, April 17, 2006 at 2:22:48 PM UTC.
-"2000-04-17T14:22:48.0000000"
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
true (ByValue, ByPropertyName) |
Position? |
named |
-EndTime <DateTime>
Specifies the end of a time period for a system health report. This parameter specifies a time value. See the description of the StartTime parameter for information on specifying a time.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
true (ByValue, ByPropertyName) |
Position? |
named |
-ParentCertId <String>
Specifies the parent certificate for which child certificates are to be returned.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
true (ByValue, ByPropertyName) |
Position? |
named |
-ParentCertType <String>
Specifies the type of parent certificate for which child certificates are to be returned. Possible values for this parameter are Client-Licensor-Certificate (or CLC) or Issuance-License (or IL).
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
true (ByValue, ByPropertyName) |
Position? |
named |
-Path <String[]>
Specifies a provider drive and path or relative path on the current drive. This parameter is required. Use a dot (.) to specify the current location. This parameter does not accept wildcards and has no default value.
Attributes
| Name | Value |
|---|---|
Required? |
true |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
true (ByValue, ByPropertyName) |
Position? |
1 |
-WhatIf <SwitchParameter>
Describes what would happen if you executed the command without executing the command.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-Confirm <SwitchParameter>
Prompts you for confirmation before executing the command.
Attributes
| Name | Value |
|---|---|
Required? |
false |
Accept wildcard characters? |
false |
Accept Pipeline Input? |
false |
Position? |
named |
-CommonParameter
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter
Input and Return Types
The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.
Input Type |
. |
Return Type |
. |
Notes
Examples
EXAMPLE 1
C:\PS>Get-RmsChildCert -Path . -parentCertId 8AGI9GoWuobJDsTmr/CUHTCEpsI= -ParentCertType CLC
This command returns all child certificates from a parent client licensor certificate.
EXAMPLE 2
C:\PS>$parentCert = Get-RmsCertChain -Path . -RequestID 3 | Where {$_.CertificateType -eq 'Client-Licensor-Certificate'}
Get-RmsChildCert -Path . -ParentCertId $parentCert.CertificateID -ParentCertType $parentCert.CertificateType
This command stores a certificate obtained from the Get-RmsCertChain cmdlet in a variable and then uses that variable to pass the certificate ID and type to the Get-RmsChildCert cmdlet to return child certificates.
See Also
Reference
Get-RmsCertInfo
Get-RmsCertChain
Get-RmsUserRequestReport
com/fwlink/?LinkId=136806