Getting Certificate Information in PowerShell

When you have certificates expiring, you need to be able to gather the information about the certificates so that you can prepare the renewal requests properly and get the certificate renewed. Now, Windows doesn’t have a native application that is readily available to look up certificate data. You have to open the MMC console and then add the proper Certificate Snap-In to gain access to the certificate store.

In dealing with this, I have found that PowerShell is a great method to be able to gather all of this data quickly and in a way where you can copy/paste the information that you need in order to generate your request properly for a new certificate or a renewal.

First off, you have to make sure that the PKI Module is installed on your system that you are running PowerShell on:

Download and install PowerShell PKI module from the PowerShell Gallery using PowerShell

Module Requirements

  • Windows PowerShell 3.0 or higher
  • .NET Framework 4.0 or higher

This module can run on any of the specified operating systems:

  • Windows Server 2008*/2008 R2*/2012*/2012 R2*/2016*/2019*
  • Windows Vista/7/8/8.1/10

* — Server Core installation is not supported.

NOTE: Module installation requires installed RSAT (Remote System Administration Tools)

Once you have it installed, you can then begin accessing the Certificate Store on the server that you are on:

NOTE: Setting the location to LocalMachine\My will place PowerShell in the Personal Store of the Local Computer Account.

The Get-ChildItem cmdlet will return the information of the certificates that are in the directory that you are in. You can also amend the cmdlet with given parameters to get the information from another machine:

To get the properties of all certificates expiring in 120 days locally:

To get the properties of all certificates expiring in 120 days on a remote server:

Now, let’s say that you have certificates expiring in 120 days on all of your CAS Exchange Servers and you need to get the information on all those certificates since they do not have the same thumbprint. You can run the following commands in sequence to be able to get the information from all of those servers:

In another post I will expand on this topic and show how to generate CSRs, Import and Export Certificates, and renew certificates. I’m still doing research on those topics and will compile my information as soon as I can get it organized. Hope this helps!

Check the Crawl Status of a SharePoint Farm

A lot of times in my job, we get alerts for processor usage spikes and memory being below threshold for normal server usage. When these would occur on SharePoint servers, I would go through finding out what processes were running that were using a lot of processor and memory. Turns out that it was usually noderunner.exe that was causing the issue which has to deal with the crawl function of the SharePoint data being indexed by the servers in the farm. So, after looking around on a few sites, I compiled the following ps1 script that can be run on a SharePoint server to get the Crawling status of all the SharePoint Content Sites and how long it took to crawl during the prior cycle:

It will output:
– The name of the Content Site being Crawled
– Whether or not the crawl is idle
– If idle, when the crawl started
– If the last crawl took three hours or less

I hope this will give some help to those deep diving into SharePoint Performance.

Get-Counter cmdlets…

Sometimes you need to check performance counters within Windows for different services or applications. The problem is being able to record the output if needed.
I have been able to take care of this through PowerShell so that you can get an average of any performance counter output you need over a time period.

According to:
A “CookedValue” definition: Performance counters typically have raw values, second values, and cooked values. The raw values and second values are the raw ingredients used by the performance counter, and the “cooked value” is the result of “cooking” those ingredients into something for human consumption. So apparently the CookedValue is the result of combining the counter’s raw data to get a usable value that you can understand and work with.

Here are some examples for Windows:

Examples for Exchange Server:

A couple of links to listings of Performance Counters For Exchange:

Now, there are more counters available for all types of Windows Applications. You should be able to use every counter that is listed in Performance Monitor on the server you are running the test from.

You can always use the following command to get a list of counters on your server and save them to a file called perfcounters.txt in the C:\Files directory:

I will not go into too much detail as of now, but I will probably update this as I get more information and comments on the post.
Again, this blog is for quick reference and usage when doing reactive support. As this blog grows, I will add more in depth information. Don’t hesitate though to contact me with your questions and comments.

Show available RAM on a server

Here is a PowerShell .ps1 file snippet that will output the available RAM on a server.
You can name it freemem.ps1 and place in your local PowerShell scripts directory.
Thanks to the following for the script: Click Here

If you need to find out what processes are using the most memory, you can run the following PowerShell cmdlet to do so:

Happy Troubleshooting!

Getting all Exchange Databases listed and whether or not they are on their preferred node or not.

This is a great one liner in PowerShell that will allow you to get a listing of all the databases for your Exchange Server environment. It will also tell you if those databases are on their preferred node in the DAG and whether they are actively mounted on that node.

This is helpful to know if you have multiple database fail-overs and need to know which databases are where so that you can re-balance them properly. If you are in a large environment, this will help you get a handle on the issue and be able to remediate quickly.

Here is an example of the output:

Now, that you have your listing of DBs and their status, you can run the following script from PowerShell to mount those DBs to their preferred nodes:

Since SLA and remediation are big factors in reactive support, having these scripts help save the day when things get quirky in Exchange. Please comment and submit your scripts as well!

Getting Drive Space Through PowerShell for a Server

This cmdlet will list all your mounted volumes, their size, the file system used, and the available free space. You can modify the code to have a where-object statement: ? {$_.Name -like “*logs*”}. This helps if you have an exchange server that has multiple database volumes for DBs and logs and need to quickly find which volume is the culprit.

I also use a lot of these scripts to gather the information quickly so that I can post the output into my incidents that I am working. It’s good to have these handy.

Here is an example output:

NameFree, GBFree, %Capacity, GBFS

Welcome to my IT Blog…

This blog is going to be dedicated to pages, posts, documentation, links, and information that I find during my troubleshooting processes within the IT world. Some posts will contain code snippets that you can use with your own work if needed. Feel free to comment and get this thing rolling!

LDLNET LLC – Your source for Professional IT Services