Import pfx certificate with certutil through vbscript

After I have exported all certificates with private key I developed this script that import all pfx in the user´s personal store.

Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set shell = CreateObject(“WScript.Shell”)
Const ForAppending = 2
Dim objFSO:Set objFSO = CreateObject(“Scripting.FileSystemObject”)

objStartFolder = “C:\Temp”

Set objFolder = objFSO.GetFolder(objStartFolder)

Dim ext

ext = “”

Set colFiles = objFolder.Files
For Each objFile in colFiles
ext = Mid(objFile.Name, len(objFile.Name) – 3, len(objFile.Name))
if (ext=”.pfx”) then “certutil.exe -user -p 12345678 -importpfx c:\temp\” & objFile.Name
end if



Export pfx certificate with certutil through vbscript

These days I´m in a desktop migration project from XP to W7 and I need to export the user certificates of all 9.000 desktops…

For that I create a vbs than do it but by the other hand it can´t do all, the export to file of the serial number of all certificates is done with a batch script.

Here I put the vbs and the batch file.

VB Script

Dim shell

Set shell = CreateObject(“WScript.Shell”)

shell.Run “\\server\share\VolcadoCert.bat”

WScript.Sleep 10000

Const ForReading = 1
Dim strTemp
Dim CertID
Set objFSO = CreateObject(“Scripting.FileSystemObject”)

Set objFile = objFSO.OpenTextFile(“\\private user folder\certs.txt”, ForReading)

Do Until objFile.AtEndOfStream
strSearchString = objFile.ReadLine
strTemp = Mid(strSearchString, 1, 15)

if (strTemp = “Serial Number: “) then

CertID = Mid(strSearchString, 15, len(strSearchString)-14)

shell.Run “certutil.exe -user -p 12345678 -exportpfx ” & CertID & “\\private user folder\certificat” & cstr(replace(replace(replace(now(), “/”, “”),”:”, “”),” “, “”)) & “.pfx”, 1, false

end if



certutil -user -store “My” >> \\private user folder\certs.txt

How to export and import a user certificate with powershell

How to export and import a user certificate with powershell.


Get-QADLocalCertificateStore MyStore |

Get-QADCertificate |

Export-QADCertificate -Mode Collection -Format Pfx -Password (ConvertTo-SecureString <Password> -asplaintext -force) -File c:\MyCerts.pfx |



In this command: Get-QADLocalCertificateStore retrieves a certain certificate store by name from the CurrentUser store location and passes the corresponding object to Get-QADCertificate; Get-QADCertificate retrieves the certificates from that store and passes the certificate objects to Export-QADCertificate; Export-QADCertificate exports all the certificates, along with their private keys, to a single file using the Pfx export format. This export operation requires the export data to be protected by a password, so the Password parameter is used to set a password.


$cert = dir c:\cert |Import-QADCertificate

C:\PS>Get-QADUser domainName\userName |

Add-QADCertificate -Certificate $cert


Create a collection of objects ($cert) representing the certificates found in the certificate files that are located in the specified folder (c:\cert). Then, pass those objects to the Add-QADCertificate cmdlet to identify the certificates to map to the specified user account. As a result, the certificates listed in the $cert variable are mapped to that user account.

How to know if a 2008 R2 Domain Controller was well promoted

When you promote a 2008 r2 to domain controller a good practice is to do a diagnostic of all domain controller before and test after that new DC 2008 R2 too.

Dcdiag /a

Dcdiag /q

Repadmin /showrepl

Confirm that the DFS Replication and Net logon services are started and with automatic mode.

From a cmd execute a net share and view the sysvol and netlogon shared folders

  • SYSVOL  en %systemroot%\SYSVOL\sysvol\
  • NETLOGON en %systemroot%\SYSVOL\sysvol\<Dominio>.domain\SCRIPTS

If not appear run dcdiag /test:replications and dcdiag /test:netlogons

dcdiag /test:dns

dcdiag /test:MachineAccount

dcdiag /s:<DomainControllerName> /test:knowsofroleholders /v

dcdiag /s:<DomainControllerName> /test:fsmocheck

GPOs do not replicate – Event id 1006 when migrating from AD 2003 to 2008 R2

If when migrating from 2003 to 2008 R2 AD and one 1006 event appears in the eventivewr (DCs was causing the new Windows 2008 does not properly get your computer GPOs) is solved by installing the following hotfix on Windows 2003 DCs:

Apparently this problem may be that in the past ​​an authoritative restore of the domain was make and, according to the KB, this causes a KDC problem.

Shell disappears when you install Exchange 2010 SP2

When you upgrade Exchange 2010 to SP2 can be that Exchange Shell disappears and I had to register manually.

  1. Verify that the files exist ConnectFunctions.ps1 , RemoteExchange.ps1 y CommonConnectFunctions.ps1 on %ExchangeInstallPath%\bin (if not, as was my case, you have them in the installation folder \setup\serverroles\common)
  1. Create a shortcut in %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command “. ‘%ExchangeInstallPath%\bin\RemoteExchange.ps1’; Connect-ExchangeServer -auto” eliminating the start in. If you want the icon was (in my case) in %SystemRoot%\Installer\{4934D1EA-BE46-48B1-8847-F1AF20E892C1}\PowerShell.exe
  1. I also put in the start menu folder within Exchange … to look like it never went.
  1. In regedit must add several folders I attached the export of the same, you have to add them in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns]. And ready, no need to restart (although I did just in case) are in the attachment but if the Exchange delete it, I give you a copy paste of records.


“ApplicationBase”=”C:\\Program Files\\Microsoft\\Exchange Server\\V14\\bin”


“AssemblyName”=”Microsoft.Exchange.PowerShell.Configuration, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35”

“Description”=”Admin Tasks for the Exchange Server”

“ModuleName”=”C:\\Program Files\\Microsoft\\Exchange Server\\V14\\bin\\Microsoft.Exchange.PowerShell.Configuration.dll”


“Vendor”=”Microsoft Corporation”




“ApplicationBase”=”C:\\Program Files\\Microsoft\\Exchange Server\\V14\\bin”

“AssemblyName”=”Microsoft.Exchange.PowerShell.Configuration, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35”

“Description”=”Setup Tasks for the Exchange Server”

“ModuleName”=”C:\\Program Files\\Microsoft\\Exchange Server\\V14\\bin\\Microsoft.Exchange.PowerShell.configuration.dll”






“ApplicationBase”=”C:\\Program Files\\Microsoft\\Exchange Server\\V14\\bin”

“AssemblyName”=”Microsoft.Exchange.Management.Powershell.Support, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35”

“Description”=”Support Tasks for the Exchange Server”

“ModuleName”=”C:\\Program Files\\Microsoft\\Exchange Server\\V14\\bin\\Microsoft.Exchange.Management.Powershell.Support.dll”


“Vendor”=”Microsoft Corporation”


If you want to check if you it´s registered, run as administrator in PowerShell the cmdlet Get-PSSnapin-Registered | fl, if there are not 3 Exchange modules is that you are missing something …