_ _____ _______ _ _ _______ _______ _____ _______ _ _
| | | | |____/ |______ | | | | | |_____|
|_____ |_____| |_____ | \_ ______| | | | __|__ | | |
.--. .--. .--.
/.-. '----------. /.-. '----------. /.-. '----------.
\'-' .--'--''-'-' \'-' .--'--''-'-' \'-' .--'--''-'-'
'--' '--' '--'
A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services
PS> .\Invoke-Locksmith.ps1
Running Invoke-Locksmith.ps1
with no parameters or -Mode 0
will scan the current forest and output all discovered AD CS issues to the console in Table format.
PS> .\Invoke-Locksmith.ps1 -Mode 1
This mode scans the current forest and outputs all discovered AD CS issues and possible fixes to the console in List format.
PS> .\Invoke-Locksmith.ps1 -Mode 2
Locksmith Mode 2 scans the current forest and outputs all discovered AD CS issues to ADCSIssues.CSV in the present working directory.
PS> .\Invoke-Locksmith.ps1 -Mode 3
In Mode 3, Locksmith scans the current forest and outputs all discovered AD CS issues and example fixes to ADCSRemediation.CSV in the present working directory.
PS> .\Invoke-Locksmith.ps1 -Mode 4
Mode 4 is the "easy button." Running Locksmith in Mode 4 will identify all misconfigurations and attempt to fix each issue.