Get-Rms Child Cert

Returns all child certificates from a parent certificate used in a user request for the AD RMS cluster.

Syntax

Get-RmsChildCert
   [-StartTime <DateTime>]
   [-EndTime <DateTime>]
   -ParentCertId <String>
   -ParentCertType <String>
   [-Path] <String[]>
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Get-RmsChildCert cmdlet returns all issuance licenses from a parent client licensor certificate (CLC) or all end-user licenses (EULs) from a parent issuance license used in a user request on the Active Directory Rights Management Services (AD RMS) cluster.

To obtain licenses, specify the ParentCertID and ParentCertType of the parent certificate for which you want to retrieve child certificates and then set the Path parameter to the AD RMS provider drive path <PSDrive>:\ Report where <PSDrive> is the provider drive ID. You can also specify a relative path. For example, a dot (.) specifies the current location.

Use the Get-RmsCertChain cmdlet to obtain the ParentCertID and the ParentCertType of the certificate for which you to retrieve child certificates. The ParentCertID value returned is valid only for the cluster identified by the Path parameter of Get-RmsCertChain . You cannot use a ParentCertID to identify the same certificate in different clusters.

Examples

Example 1: Get all child certificates for a parent

PS C:\> Get-RmsChildCert -Path "." -ParentCertId "8AGI9GoWuobJDsTmr/CUHTCEpsI=" -ParentCertType CLC

This command returns all child certificates from a parent client licensor certificate.

Example 2: Pass a certificate ID and get all child certificates

PS C:\> $parentCert = Get-RmsCertChain -Path "." -RequestID 3 | Where {$_.CertificateType -eq 'Client-Licensor-Certificate'}
PS C:\> Get-RmsChildCert -Path "." -ParentCertId $parentCert.CertificateID -ParentCertType $parentCert.CertificateType

This command stores a certificate obtained from the Get-RmsCertChain cmdlet in a variable and then uses that variable to pass the certificate ID and type to the Get-RmsChildCert cmdlet to return child certificates.

Required Parameters

-ParentCertId

Specifies the parent certificate for which child certificates are to be returned.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-ParentCertType

Specifies the type of parent certificate for which child certificates are to be returned. Possible values for this parameter are Client-Licensor-Certificate (or CLC) or Issuance-License (or IL).

Type: String
Parameter Sets: CLC, Client-Licensor-Certificate, IL, Issuance-License
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Path

Specifies a provider drive and path or relative path on the current drive. This parameter is required. Use a dot (.) to specify the current location. This parameter does not accept wildcards and has no default value.

Type: String[]
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-EndTime

Specifies the end of a time period for a system health report. This parameter specifies a time value. See the description of the StartTime parameter for information on specifying a time.

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-StartTime

Specifies the beginning of a time period. This parameter specifies a time value.

The following examples show commonly-used syntax to specify a time. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date.

4/17/2006

Monday, April 17, 2006

2:22:45 PM

Monday, April 17, 2006 2:22:45 PM

These examples specify the same date and the time without the seconds.

4/17/2006 2:22 PM

Monday, April 17, 2006 2:22 PM

2:22 PM

The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT).

Mon, 17 Apr 2006 21:22:48 GMT

The following example shows how to specify a round-trip value as Coordinated Universal Time (UTC). This example represents Monday, April 17, 2006 at 2:22:48 PM UTC.

2000-04-17T14:22:48.0000000

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False