Bryan Mulvey bryanmulvey

  • Littleton, Colorado
@alexmags
alexmags / new-LDAPcert.ps1
Created March 23, 2024 11:15
PowerShell self-signed cert for LDAPs
# In a lab, or in an AD domain with a non-routable top-level domain (.corp, .local, etc.)
# Create one self-signed cert usable across multiple domain controllers for encrypted LDAP (LDAPS)
Import-Module ActiveDirectory
$addomain = Get-ADDomain
$expirydate = (Get-Date).AddYears(1)
# Get all (currently existing) domain controllers to use as subject alternative names
# (skip the AzureADKerberos object created by cloud Kerberos trust; it is not a real DC)
# @() keeps the result an array even when only one DC exists, so the += below appends an element instead of concatenating strings
$ArraySubjectAlternativeNames = @((Get-ADComputer -SearchBase $addomain.DomainControllersContainer -Filter * | Where-Object { $_.Name -ne 'AzureADKerberos' }).DNSHostName)
$ArraySubjectAlternativeNames += "ldap.$($addomain.DNSRoot)" # useful as a movable DNS alias or for a network load balancer