New-CertificateNotificationTask
Creates a new task in the Task Scheduler that will be triggered when a certificate is replaced, expired, or about to expired.
Syntax
Default (Default)
New-CertificateNotificationTask
-Type <CertificateNotificationType>
[-RunTaskForExistingCertificates]
-PSScript <String>
-Name <String>
-Channel <NotificationChannel>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-CertificateNotificationTask cmdlet creates a new task in the Task Scheduler that will be
triggered when a certificate is replaced or expires. The task will launch the script specified by
the PSScript parameter.
If the RunTaskForExistingCertificates parameter is specified, then after this cmdlet is
registered, the cmdlet will go through all certificates (including archived certificates) in the My
store and initiate Replace events for all certificates with a Renewal property. The NewCertHash
value will always be the one at the end of the renewal chain. For example; if certificate A was
renewed to certificate B, which was then renewed to certificate C, then the cmdlet fires two events:
certificate A to certificate C and certificate B to certificate C. This will ensure that
applications that are still using old certificates are properly updated to the newest certificates.
If any certificate has a renewal chain longer than 20, then the certificate is not logged.
Examples
EXAMPLE 1
$params = @{
PSScript = 'C:\myscript.ps1'
Channel = 'System'
Type = 'Replace'
Name = 'My System Certificate Task'
}
New-CertificateNotificationTask @params
This example creates a system notification task for certificate replacement events with the name
My System Certificate Task that will launch the C:\myscript.ps1 script. The cmdlet will run on
the local system.
EXAMPLE 2
$params = @{
PSScript = 'C:\myscript.ps1'
Channel = 'User'
Type = 'Expire'
Name = 'My User Certificate Task'
}
New-CertificateNotificationTask @params
This example creates a system notification task for the expiration and close-to-expiration
certificate events with the name My User Certificate Task that will launch the C:\myscript.ps1.
The cmdlet will run for all currently logged on users in the user contexts.
Parameters
-Channel
Sets the channel of the CertificateServicesClient-Notifications log that will be monitored for certificate lifecycle events. The acceptable values for this parameter are:
System: The Operation-System channel will be used. This channel should be used to modify system certificate bindings that use computer certificates.User: The Operational-User channel will be used. This channel should be used to modify user certificate bindings.
Parameter properties
| Type: | Microsoft.CertificateServices.Commands.NotificationChannel |
| Default value: | None |
| Accepted values: | System, User |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specifies the unique name for the certificate notification task. If a certificate notification task with the same name already exists, then an error is generated.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PSScript
Identifies the Windows PowerShell script that will be triggered by the certificate notification task. The script will be launched with the NonInteractive parameter.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RunTaskForExistingCertificates
Generates a replacement notification for any certificate in the My store that has been replaced in
the past. For the notification to be generated both certificates must be present in the store. This
parameter can only be used with the Replace type.
Note
The following warning is displayed when this parameter set to False and there are some
certificates in MY store that would have resulted in a notification.
There are certificates in My store that have been replaced in the past. You can use the
New-CertificateNotification cmdlet with the RunTaskForExistingCerts parameter to generate
notifications for those certificates to correct any configuration problems that you may already
have on this machine.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Type
Specifies the type of events that will trigger certificate notifications. The acceptable values for this parameter are:
Replace: Certificate replacement events will trigger this notification, including certificates that are renewed by auto-enrollment, using the Certificates snap-in, or by using theSwitch-Certificatecmdlet.Expire: Certificate expiration and close-to-expire events will trigger this notification.
Parameter properties
| Type: | Microsoft.CertificateServices.Commands.CertificateNotificationType |
| Default value: | None |
| Accepted values: | Replace, Expire |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
Outputs
Microsoft.CertificateServices.Command.CertificateNotificationTask
A CertificateNotificationTask object that contains details about a newly created task.