Locksmith: identify & remediate common misconfigurations in AD Certificate Services
Locksmith
A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services.
Mode 0 (Default) – Identify Issues and Output to Console
PS> .\Invoke-Locksmith.ps1
Running Invoke-Locksmith.ps1 with no parameters or -Mode 0 will scan the current forest and output all discovered AD CS issues to the console in Table format.
Mode 1 – Identify Issues + Fixes and Output to Console
PS> .\Invoke-Locksmith.ps1 –Mode 1
This mode scans the current forest and outputs all discovered AD CS issues and possible fixes to the console in List format.
Mode 2 – Identify Issues and Output to CSV
PS> .\Invoke-Locksmith.ps1 –Mode 2
Locksmith Mode 2 scans the current forest and outputs all discovered AD CS issues to ADCSIssues.CSV in the present working directory.
Mode 3 – Identify Issues + Fixes and Output to CSV
PS> .\Invoke-Locksmith.ps1 –Mode 3
In Mode 3, Locksmith scans the current forest and outputs all discovered AD CS issues and example fixes to ADCSRemediation.CSV in the present working directory.
Mode 4 – Fix All Issues
PS> .\Invoke-Locksmith.ps1 –Mode 4
Mode 4 is the “easy button.” Running Locksmith in Mode 4 will identify all misconfigurations and attempt to fix each issue.
Download
git clone https://github.com/TrimarcJake/Locksmith.git
Use
Copyright (c) 2022 Jake Hildreth
Source: https://github.com/TrimarcJake/