Powershell script to scan for Expired SSL certificate for all server in OU not working

0
votes

I have used the DOMAIN\Administrator account is used for the credentials to run the below PowerShell script to scan for Expired SSL certificate:

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = "SAN"; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = "IsValid"; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } } }

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like "*Server*"} -SearchBase "OU=Servers,OU=Production Site 1,DC=Domain,DC=com" | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet} | 
                Select-Object -expandProperty DnsHostName | 
                Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

$adCred = Get-Credential Invoke-Command -ComputerName $computers
-ScriptBlock $ScriptBlock -Credential $adCred

But, then I got the error:

[Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData] Connecting to remote server Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (Microsoft.Power...FormatEntryData:String) [], PSRemotingTransportException + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionStateBroken

How to fix it so I can get the CSV result?

The updated error code is now:

Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. At line:19 char:30 + Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Cr ... + ~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand

1
powershellscriptingactive-directorywindows-scripting
Cannot find the computer = looks like you're trying to connect to a computer which does not exist, is offline or otherwise not reachable - TobyU
Your code suggest you have $erroractionpreference set to silent or ignore, which is horrible for developing code. You have repeating expand statements here which will error out: $computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | Select-Object -expandProperty DnsHostName | Select-Object -expandProperty DnsHostName | Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation - Scepticalist
As an aside: It's best to avoid the use of script blocks ({ ... }) as -Filter arguments. - mklement0
I have already updated the code with the formatting, it is now complaining for the same error. - Senior Systems Engineer
Note we prefer a technical style of writing here. We gently discourage greetings, hope-you-can-helps, thanks, advance thanks, notes of appreciation, regards, kind regards, signatures, please-can-you-helps, chatty material and abbreviated txtspk, pleading, how long you've been stuck, voting advice, meta commentary, etc. Just explain your problem, and show what you've tried, what you expected, and what actually happened. - halfer

1 Answers

3
votes

This line is incorrect for a start

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
       Select-Object -expandProperty DnsHostName | #bad line
          Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

Should be 

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
        Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation