# Enumeration - Certificate Authority ## Windows ### Native {% tabs %} {% tab title="AD Module" %} {% code overflow="wrap" %} ```powershell # AD Module Get-ADObject -Filter * -SearchBase 'CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=security,DC=local' Get-ADObject -LDAPFilter '(objectclass=certificationAuthority)' -SearchBase 'CN=Configuration,DC=security,DC=local' | fl * ``` {% endcode %} {% endtab %} {% tab title="ADSI" %} ```powershell # Get-CertificationAuthority -SearchBase LDAP://CN=Configuration,DC=security,DC=local function Get-CertificationAuthority { param([string]$searchBase = "LDAP://CN=Configuration,DC=security,DC=local") $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher $directorySearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($searchBase) $directorySearcher.Filter = "(objectclass=certificationAuthority)" $directorySearcher.PropertiesToLoad.Add("*") > $null try { $results = $directorySearcher.FindAll() foreach ($result in $results) { $properties = @{} foreach ($prop in $result.Properties.PropertyNames) { $properties[$prop] = $result.Properties[$prop][0] } $outputObj = New-Object PSObject -Property $properties Write-Output $outputObj } } catch {} finally { $results.Dispose() } } ``` {% endtab %} {% endtabs %} ### Certify Github: ```powershell Certify.exe cas Invoke-Certify cas ```

## Linux ### Certipy Github: ```python certipy find -u -p -dc-ip 10.10.10.100 -stdout ```