Share via


Get-RmsChildCert

Get-RmsChildCert

Returns all child certificates from a parent certificate used in a user request for the Active Directory Rights Management Services (AD RMS) cluster.

Syntax

Get-RmsChildCert [-StartTime <DateTime>] [-EndTime <DateTime>] -ParentCertId <String> -ParentCertType <String> [-Path] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

Detailed Description

This cmdlet returns all issuance licenses from a parent client licensor certificate (CLC) or all end-user licenses (EULs) from a parent issuance license used in a user request on the Active Directory Rights Management Services (AD RMS) cluster.

To obtain licenses, specify the ParentCertID and ParentCertType of the parent certificate for which you want to retrieve child certificates and then set the Path parameter to the AD RMS provider drive subpath “<PSDrive>:\Report” where <PSDrive> is the provider drive ID. You can also specify a relative path. For example, “.” specifies the current location.

Use the Get-RmsCertChain cmdlet to obtain the ParentCertID and the ParentCertType of the certificate for which you to retrieve child certificates. The ParentCertID value returned is valid only for the cluster identified by the Path parameter of Get-RmsCertChain. You cannot use a ParentCertID to identify the same certificate in different clusters.

Parameters

-StartTime <DateTime>

Specifies the beginning of a time period. This parameter specifies a time value.

The following examples show commonly-used syntax to specify a time. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date.
- “4/17/2006”
- “Monday, April 17, 2006”
- “2:22:45 PM”
- “Monday, April 17, 2006 2:22:45 PM”

These examples specify the same date and the time without the seconds.
- "4/17/2006 2:22 PM”
- "Monday, April 17, 2006 2:22 PM"
- "2:22 PM”

The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT).
-"Mon, 17 Apr 2006 21:22:48 GMT”

The following example shows how to specify a round-trip value as Coordinated Universal Time (UTC). This example represents Monday, April 17, 2006 at 2:22:48 PM UTC.
-"2000-04-17T14:22:48.0000000"

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Position?

named

-EndTime <DateTime>

Specifies the end of a time period for a system health report. This parameter specifies a time value. See the description of the StartTime parameter for information on specifying a time.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Position?

named

-ParentCertId <String>

Specifies the parent certificate for which child certificates are to be returned.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Position?

named

-ParentCertType <String>

Specifies the type of parent certificate for which child certificates are to be returned. Possible values for this parameter are Client-Licensor-Certificate (or CLC) or Issuance-License (or IL).

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Position?

named

-Path <String[]>

Specifies a provider drive and path or relative path on the current drive. This parameter is required. Use a dot (.) to specify the current location. This parameter does not accept wildcards and has no default value.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Position?

1

-WhatIf <SwitchParameter>

Describes what would happen if you executed the command without executing the command.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Confirm <SwitchParameter>

Prompts you for confirmation before executing the command.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-CommonParameter

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter

Input and Return Types

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.

Input Type

.

Return Type

.

Notes

Examples

EXAMPLE 1

C:\PS>Get-RmsChildCert -Path . -parentCertId 8AGI9GoWuobJDsTmr/CUHTCEpsI= -ParentCertType CLC

This command returns all child certificates from a parent client licensor certificate.

EXAMPLE 2

C:\PS>$parentCert = Get-RmsCertChain -Path . -RequestID 3 | Where {$_.CertificateType -eq 'Client-Licensor-Certificate'}

Get-RmsChildCert -Path . -ParentCertId $parentCert.CertificateID -ParentCertType $parentCert.CertificateType

This command stores a certificate obtained from the Get-RmsCertChain cmdlet in a variable and then uses that variable to pass the certificate ID and type to the Get-RmsChildCert cmdlet to return child certificates.

See Also

Reference

Get-RmsCertInfo
Get-RmsCertChain
Get-RmsUserRequestReport
com/fwlink/?LinkId=136806