PowerShell PKI Module Documentation
Documentation HomeRemove-AdcsDatabaseRow
Synopsis
Removes CA database rows individually or in a bulk based on removal filter.
Syntax
Remove-AdcsDatabaseRow -Request <Object> [<CommonParameters>]
Remove-AdcsDatabaseRow -CertificationAuthority <CertificateAuthority[]> [-Filter <String> {ExpiredCerts | ExpiredFailedPending | Request | CRL} ] -RemoveBefore <DateTime> [<CommonParameters>]
Description
Removes CA database rows individually or in a bulk based on removal filter. This command is mainly used to reduce CA database size by removing old and unnecessary database rows.
Hint: when you remove large number of database rows, it is recommended to perform a full CA database backup and restore to efficiently re-allocate disk space and update database log files.
Parameters
-Request <Object>
Specifies the request row object to remove from database.
Note: removal for database row objects that represent 'Attribute' or 'Extension' table is not supported. When database row from 'Request' table is removed, corresponding entries in 'Attribute' and 'Extension' tables are removed by CA server internally.
| Required? | True |
| Position? | named |
| Default value | |
| Accept pipeline input? | true (ByValue, ByPropertyName) |
| Accept wildcard characters? | False |
-Filter <String>
Specifies the filter that is used to determine the type of database rows to be deleted. This parameter works in conjunction with 'RemoveBefore' and 'CertificationAuthority' parameters. The following filters are available:
ExpiredCerts — removes issued and revoked certificates that expired (based on NotAfter field value) before the date specified in the 'RemoveBefore' parameter.
ExpiredFailedPending — removes issued and revoked certificates that were last modified before the date specified in the 'RemoveBefore' parameter.
Request — combines previous two filters.
CRL — removes published CRLs that expired (base on NextPublish field value) before the date specified in the 'RemoveBefore' parameter.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
-CertificationAuthority <CertificateAuthority[]>
Specifies the certification authority to process. This parameter works in conjunction with 'Filter' and 'RemoveBefore' parameters.
| Required? | True |
| Position? | named |
| Default value | |
| Accept pipeline input? | true (ByValue, ByPropertyName) |
| Accept wildcard characters? | False |
-RemoveBefore <DateTime>
Specifies an expiration date when deleting certificates or CRLs, and a last modified date when deleting certificate requests. This parameter has no effect when you pass individual row objects.
Warning: if this parameter is not set, the command will remove all database rows specified by a filter! Think twice!
| Required? | True |
| Position? | named |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow
PKI.CertificateServices.CertificateAuthority
Outputs
SysadminsLV.PKI.Utils.IServiceOperationResult
Notes
Examples
Example 1
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-PendingRequest -RequestID 15,63,112 | Remove-AdcsDatabaseRow
In this example, pending requests with RequestID equals to 15, 63 and 112 will be removed from CA database.
Example 2
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-FailedRequest | Remove-AdcsDatabaseRow
This command will remove all failed request. Other request types and tables will be untouched.
Example 3
PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-AdcsDatabaseRow -Filter "Request" -RemoveBefore $((Get-Date).AddYears(-1)) PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-AdcsDatabaseRow -Filter "CRL" -RemoveBefore $((Get-Date).AddYears(-1))
In this example, two commands are used to perform a full CA database cleanup. All certificate reuqests and CRLs that expired (or last modified for pending and failed requests) one year ago.
Related links
Get-CertificationAuthority
Connect-CertificationAuthority
Get-RevokedRequest
Get-IssuedRequest
Get-PendingRequest
Get-FailedRequest
Get-AdcsDatabaseRow
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions