From 5dd986b156e19df1f8883263373f24580a60c8e8 Mon Sep 17 00:00:00 2001
From: DACRepair
Date: Sat, 26 Oct 2024 22:58:01 -0400
Subject: [PATCH 1/3] Added attempt for AD deploy.
---
 Posh-ACME.Deploy/Posh-ACME.Deploy.psd1 | 1 +
 .../Public/Set-ActiveDirectoryLDAPS.ps1 | 35 +++++++++++++++++++
 README.md | 1 +
 3 files changed, 37 insertions(+)
 create mode 100644 Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
diff --git a/Posh-ACME.Deploy/Posh-ACME.Deploy.psd1 b/Posh-ACME.Deploy/Posh-ACME.Deploy.psd1
index 2ce6d5f..2fa1963 100644
--- a/Posh-ACME.Deploy/Posh-ACME.Deploy.psd1
+++ b/Posh-ACME.Deploy/Posh-ACME.Deploy.psd1
@@ -20,6 +20,7 @@ FunctionsToExport = @(
 'Set-RDSHCertificate'
 'Set-WinRMCertificate'
 'Set-NPSCertificate'
+ 'Set-ActiveDirectoryLDAPS'
 )
 CmdletsToExport = @()
 VariablesToExport = @()
@@ -0,0 +1,35 @@
+function Set-ActiveDirectoryLDAPS {
+ [CmdletBinding()]
+ param(
+ [Parameter(Position=0,ValueFromPipelineByPropertyName)]
+ [Alias('Thumbprint')]
+ [string]$CertThumbprint,
+ [Parameter(Position=1,ValueFromPipelineByPropertyName)]
+ [string]$PfxFile,
+ [Parameter(Position=2,ValueFromPipelineByPropertyName)]
+ [securestring]$PfxPass,
+ [switch]$RemoveOldCert # Not used, included due to spec.
+ )
+
+ Process {
+
+ # surface exceptions without terminating the whole pipeline
+ trap { $PSCmdlet.WriteError($PSItem); return }
+
+ $CertThumbprint = Confirm-CertInstall @PSBoundParameters
+
+ # Copy cert from local store to NTDS Store
+ $LocalCertStore = 'HKLM:/Software/Microsoft/SystemCertificates/My/Certificates'
+ $NtdsCertStore = 'HKLM:/Software/Microsoft/Cryptography/Services/NTDS/SystemCertificates/My/Certificates'
+ if (-Not (Test-Path $NtdsCertStore)) {
+ New-Item $NtdsCertStore -Force
+ }
+ Copy-Item -Path "$LocalCertStore/$CertThumbprint" -Destination $NtdsCertStore
+
+ # Command AD to update.
+ $dse = [adsi]'LDAP://localhost/rootDSE'
+ [void]$dse.Properties['renewServerCertificate'].Add(1)
+ $dse.CommitChanges()
+ }
+
+}
diff --git a/README.md b/README.md
index 22601f8..09020d3 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ A Collection of certificate deployment functions intended for use with [Posh-ACM
 - Exchange (tested on 2019)
 - [Network Policy Server (NPS)](https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top)
 - Remote Access SSTP
+- Active Directory (LDAPS)
 ## Installation (Stable)
From e751e5593938968665c1d66e3d1565129dfde6b0 Mon Sep 17 00:00:00 2001
From: DACRepair
Date: Sun, 27 Oct 2024 02:19:31 -0400
Subject: [PATCH 2/3] Added delete capabilities.
---
 Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1 | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
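Review bot: `New-Item $NtdsCertStore -Force` inside the `if (-Not (Test-Path $NtdsCertStore))` branch returns the created RegistryKey object to the pipeline, so the first run of Set-ActiveDirectoryLDAPS emits a stray object to whoever called it; wrap it as `[void](New-Item $NtdsCertStore -Force)` or pipe it to `Out-Null`. The following `Copy-Item -Path "$LocalCertStore/$CertThumbprint" -Destination $NtdsCertStore` has no `-Force`, so re-deploying a thumbprint that already exists under the NTDS store will presumably error on the existing key instead of overwriting it — worth confirming on a repeat run, since the error would then surface through the `trap` and the `renewServerCertificate` step would be skipped. The function also has no comment-based help; a short block with `.SYNOPSIS` (certificate is copied from the machine My store into the NTDS service store and AD is told to reload it via rootDSE `renewServerCertificate`), `.PARAMETER CertThumbprint`, `.PARAMETER PfxFile`, `.PARAMETER PfxPass` and `.PARAMETER RemoveOldCert` would bring it in line with a public, exported cmdlet. The whole function is contained in this hunk.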
diff --git a/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1 b/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
index 27971b2..998bb1c 100644
--- a/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
+++ b/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
@@ -8,7 +8,7 @@ function Set-ActiveDirectoryLDAPS {
 [string]$PfxFile,
 [Parameter(Position=2,ValueFromPipelineByPropertyName)]
 [securestring]$PfxPass,
- [switch]$RemoveOldCert # Not used, included due to spec.
+ [switch]$RemoveOldCert
 )
 Process {
@@ -30,6 +30,13 @@ function Set-ActiveDirectoryLDAPS {
 $dse = [adsi]'LDAP://localhost/rootDSE'
 [void]$dse.Properties['renewServerCertificate'].Add(1)
 $dse.CommitChanges()
+
+ if ($RemoveOldCert) {
+ Get-ChildItem $NtdsCertStore | Select -Expand Name | ForEach-Object {
+ if ($_ -notlike "*$sig*") {
+ Remove-Item Registry::$_
+ }
+ }
+ }
 }
-
 }
From c97f9cf598838eb68733f86fbe89772342fc4573 Mon Sep 17 00:00:00 2001
From: DACRepair
Date: Sun, 27 Oct 2024 02:52:23 -0400
Subject: [PATCH 3/3] Accidentally left an incorrect variable in the removal code
---
 Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1 b/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
index 998bb1c..863196a 100644
--- a/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
+++ b/Posh-ACME.Deploy/Public/Set-ActiveDirectoryLDAPS.ps1
@@ -33,7 +33,7 @@ function Set-ActiveDirectoryLDAPS {
 if ($RemoveOldCert) {
 Get-ChildItem $NtdsCertStore | Select -Expand Name | ForEach-Object {
- if ($_ -notlike "*$sig*") {
+ if ($_ -notlike "*$CertThumbprint*") {
 Remove-Item Registry::$_
 }
 }
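Review bot: The removal loop under `if ($RemoveOldCert)` decides what to delete with `$_ -notlike "*$CertThumbprint*"` against the key's full `Name` (the whole `HKEY_LOCAL_MACHINE\...` path), a wildcard substring test where an exact comparison of the key's leaf name is what is meant; `Get-ChildItem $NtdsCertStore | Where-Object { $_.PSChildName -ne $CertThumbprint } | Remove-Item` says that directly and also drops the `Select -Expand` alias form that PSScriptAnalyzer flags in module code. If `$CertThumbprint` comes back empty the present pattern degenerates to `"**"` and nothing is removed, which is the safe direction but silent; a guard such as `if ($RemoveOldCert -and $CertThumbprint)` makes that intent visible. This block deletes every other certificate key in the NTDS store, so a one-line comment stating that only the just-deployed thumbprint is retained would help the next reader. The same block appears in the second hunk of PATCH 2/3 with `$sig`, which PATCH 3/3 corrects; the enclosing `Process` block and the function's `param` block lie outside this hunk.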