New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get-CertificationAuthority raises an exception on a workgroup CA #156
Comments
Yes, this is expected. The documentation says that it retrieves only CAs registered in Active Directory, thus depends on AD. For workgroup environments you have to use |
I see, thank you for the quick response. But it seems the command does return useful results, just with an additional error - I can use the resulting CA object in other commands just fine. Do you think it would be possible to join Get-CertificationAuthority's and Connect-CertificationAuthority's functionality in a single command? |
That's interesting, because there is a check if you are in domain or not:
and if you are not connected to domain, the Get-CertificationAuthority should return you nothing.
I don't know if it possible to merge both commands without breaking things. |
It seems that the |
Actually, this variable is defined here: Line 11 in 333caa3
and it should be properly initialized with |
Interesting: GitHub does not show it in the search results: https://github.com/PKISolutions/PSPKI/search?q=NoDomain |
As for variable initialization, when I run |
gotcha! This is an interesting behavior of PowerShell which I need to fix. |
Perhaps we could query |
I solved this in slightly different way: Line 14 in a0eb35d
I need to ensure that there is at least one online domain controller rather (because I need to fetch some data from there) than just check domain membership. Anyway, Get-CertificationAuthority should behave like it is intended. But I will take a look if I can make it working in workgroups without breaking existing syntax.
|
Maybe it is worth to implement both checks? Querying an non-existent domain controller takes time - the request waits and then fails by timeout. What if first we will check that WMI class and if it returns true, then we will query a DC? It should improve module loading time on workgroup computers. |
I just checked the code: mentioned line fails immediately if you are not part of domain. If you are part of domain, but disconnected -- the delay is inevitable. It appears, the method call already implements domain membership check internally before trying to contact DCs. |
Yes, you are correct - thank you! |
I think, this commit should do the work, though haven't tested: 0b8764b In the |
Thank you, Vadims! |
Seems to be working all right on my workgroup CA, but of course currently these two functions are only partially compatible by parameter sets: |
Fixed in v4.0.0 |
The text was updated successfully, but these errors were encountered: