S/MIME is used to encrypt and/or sign email sent to another recipient. It uses a combination of a private and a public key. On Exchange, the public keys can be published to the Global Address List (GAL).
If you have a hybrid Exchange environment, or you are using only Exchange Online, managing the certificates can be challenging.
Here are some quick tips for common tasks:
Create an address list with only the users that have an S/MIME certificate
New-AddressList -Name "S/MIME Users" -RecipientFilter {(((RecipientType -eq 'MailUser') -or (RecipientType -eq 'UserMailbox'))) -and (SMimeCertificate -ne $null)}
Check the members of a dynamic address list
Get-Recipient -RecipientPreviewFilter (Get-AddressList -Identity "S/MIME Users").RecipientFilter
Delete the S/MIME certificate of a user
Set-Mailbox -Identity <UPN> -UserSMimeCertificate $null
Export a CSV file with the email addresses of the users plus their Base64 certificate
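# Output file: one "email;base64" line per user
$OutputFileName = "C:\temp\CERTS.txt"
# Remove any previous export; do not fail if the file does not exist yet
Remove-Item $OutputFileName -ErrorAction SilentlyContinue
Get-Recipient -RecipientPreviewFilter (Get-AddressList -Identity "S/MIME Users").RecipientFilter |
ForEach-Object {
    $email = $_.WindowsLiveID
    # The address list also matches MailUser recipients, which have no mailbox; skip those
    $mbx = Get-Mailbox -Identity $email -ErrorAction SilentlyContinue
    if ($mbx -and $mbx.UserSMimeCertificate) {
        # Write the first published certificate blob as Base64
        $email + ";" + [Convert]::ToBase64String($mbx.UserSMimeCertificate[0]) | Out-File $OutputFileName -Append
    }
}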
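To review what was exported, the following added example (not part of the original post) reads the email;Base64 file written by the export script and reports each certificate's subject, expiry date and status. It assumes each blob is either a DER certificate or a PKCS#7 bundle; the function name Get-SmimeCertReport and the 30-day warning window are hypothetical.

```powershell
# Added example, not from the original post. Function name and -WarnDays are hypothetical.
# Assumption: each exported blob is a DER certificate or a PKCS#7 bundle;
# X509Certificate2Collection.Import() accepts both.
function Get-SmimeCertReport {
    param(
        [Parameter(Mandatory)] [string] $Path,   # file with "email;base64" lines
        [int] $WarnDays = 30                     # flag certificates expiring within this window
    )
    $now = Get-Date
    foreach ($line in Get-Content -Path $Path) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Split on the first ';' only: Base64 never contains ';'
        $email, $b64 = $line -split ';', 2
        $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
        try {
            $certs.Import([Convert]::FromBase64String($b64))
        } catch {
            # Malformed Base64 or a blob that is not a certificate container
        }
        if ($certs.Count -eq 0) {
            [pscustomobject]@{ Email = $email; Subject = $null; Thumbprint = $null
                               NotAfter = $null; Status = 'Unparseable' }
            continue
        }
        # A PKCS#7 bundle can carry chain certificates, so one user may yield several rows
        foreach ($cert in $certs) {
            if     ($cert.NotBefore -gt $now)                    { $status = 'NotYetValid' }
            elseif ($cert.NotAfter  -lt $now)                    { $status = 'Expired' }
            elseif ($cert.NotAfter  -lt $now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
            else                                                 { $status = 'Valid' }
            [pscustomobject]@{ Email = $email; Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                               NotAfter = $cert.NotAfter; Status = $status }
        }
    }
}

# List every published certificate that needs attention
Get-SmimeCertReport -Path 'C:\temp\CERTS.txt' |
    Where-Object Status -ne 'Valid' |
    Format-Table -AutoSize
```

Rows marked Expired or Unparseable are candidates for the delete command shown earlier, followed by republishing a current certificate.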
Comments
Nice tip, thanks