When moving from one ADFS server to another I imported a full certificate chain and private key into Machine certs on the new Windows 2016.
The certificate displayed fine and the chain was complete.
However, when viewing the certificate properties via ADFS, the certificate information gives the error “Windows does not have enough information to verify the certificate”.
Move the intermediate certificate to the Intermediate Certificate Authorities > Certificates store.
It seems stupidly obvious in retrospect, but Windows itself could view the cert fine, and the import was done via Machine Certificates, so you’d think it would put things in the right place.
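The same move can be scripted. This is an added example, not a script from the original post; it assumes the intermediate ended up in the machine's Personal store (LocalMachine\My) during the import, and it must be run from an elevated PowerShell session.

```powershell
using namespace System.Security.Cryptography.X509Certificates
$ErrorActionPreference = 'Stop'

# Assumption: the import dropped the intermediate into LocalMachine\My.
# An intermediate is a CA certificate (basic constraints CA = true) that is
# not self-signed and, on this server, carries no private key.
$misplaced = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $bc = $_.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    $bc -and $bc.CertificateAuthority -and
        ($_.Subject -ne $_.Issuer) -and -not $_.HasPrivateKey
}

# 'CA' is the internal name of the Intermediate Certification Authorities store.
$caStore = [X509Store]::new('CA', 'LocalMachine')
$caStore.Open('ReadWrite')
try {
    foreach ($cert in $misplaced) {
        $caStore.Add($cert)              # copy into the intermediate store
        Remove-Item -Path $cert.PSPath   # then remove the misplaced copy
        Write-Output "Moved $($cert.Subject) [$($cert.Thumbprint)]"
    }
}
finally {
    $caStore.Close()
}

# Rebuild the chain for every certificate that has a private key
# (the ADFS certificates) and report whether it now validates.
Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey | ForEach-Object {
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test chain building only
    [pscustomobject]@{
        Subject = $_.Subject
        ChainOk = $chain.Build($_)
        Status  = ($chain.ChainStatus.Status -join ', ')
    }
}
```

A certificate whose ChainOk is False lists the reason in Status, for example PartialChain when an issuer is still missing from the intermediate or root stores.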
I wrote the following script, which enumerates an OU and then looks up the last boot time for each computer.
Note: I’m starting to put any scripts I write on GitHub; this will make it easier for you to copy down and easier for me to keep any scripts up to date.
It took far too long to find this very very useful command online so I thought I’d repost to help others find it.
The below command exports as follows:
Connection to server: domain.local
Exporting attributes: whenChanged,whenCreated,cn,sAMAccountName,givenName,sn
From DN Root: DC=domain,DC=local
Into File: domain.local-users.csv
csvde -s domain.local -l "whenChanged,whenCreated,cn,sAMAccountName,givenName,sn" -d "DC=domain,DC=local" -f domain.local-users.csv