We're headed to GridSecCon 2024, October 22-25 in Minneapolis, MN! Learn more here

PowerShell PKI Module Documentation

Documentation Home
This command is not available in non-domain environments

Remove-AdCertificateRevocationList

Synopsis

Removes certificate revocation list (CRL) from Active Directory.

Syntax

Remove-AdCertificateRevocationList -CdpContainer <DsCDPContainer> -CertificateRevocationList <DsCrlEntry[]> [-ForceDelete] [-Dispose] [<CommonParameters>]

Remove-AdCertificateRevocationList -CdpContainer <DsCDPContainer> -Thumbprint <String[]> [-ForceDelete] [-Dispose] [<CommonParameters>]

Description

Removes certificate revocation list (CRL) from Active Directory.

Parameters

-CdpContainer <DsCDPContainer>

Specifies the CDP container object to remove CRL from.

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-CertificateRevocationList <DsCrlEntry[]>

Specifies one or more CRL entries to remove. Parameter objects are part of 'RevocationLists' property of CDP container.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-ForceDelete <SwitchParameter>

Deletes associated Active Directory entry when all CRL objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects. This parameter only deletes empty CRL entries and does not delete empty containers.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Dispose <SwitchParameter>

Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Thumbprint <String[]>

Specifies an array of strings that represents CRL thumbprint to remove. All CRLs with matching thumbprint will be deleted from Active Directory CDP container.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer

Outputs

SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer

Notes

Examples

Example 1

PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -Thumbprint "1C4BF393320A6C70D5C506AF9F422950B0C11EAB6273132C9B326438AB1C0929", "17FCB3E67512017E4611FBA9052164031F1D873F800E613A96AC09F77D269349" -Dispose -ForceDelete

This command retrieves CDP container from Active Directory and removes all CRLs with specified certificate thumbprints. If particular CDP entry in Active Directory is empty, it is deleted. After operation completion, input object (CDP container) is disposed.

Example 2

PS C:\> $cdp = Get-AdPkiContainer -ContainerType CDP
PS C:\> $entries = $cdp.RevocationLists | Where-Object {$_.HostName -eq "subca01"}
PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -CRL $entries -Dispose -ForceDelete

First line retrieves CDP container from Active Directory. Second line selects all CRL entries for "subca01" host name in specified container. Third line removes selected entries from CDP container and deletes empty CDP entries from Active Directory. After operation completion, input object (CDP container) is disposed.

Related links

Get-AdPkiContainer
Add-AdCertificateRevocationList
Add-AdCertificate
Remove-AdCertificate

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions