I'm using a script by Tom Nolan to query our CA for expiring certificates. However, I tried to no avail to filter the output for non-autoenrolling certificates, as these are the only ones of interest. That's the line in question:
certutil -view -restrict "NotAfter>=$d1,NotAfter<=$d2" -out "Request ID, Request Submission Date, Request Common Name, Requester Name, Request Email Address, Request Distinguished Name, CertificateTemplate, NotAfter" -config "$caServer\$caName"
I tried narrowing down the -restrict parameter like this:
-restrict "NotAfter>=$d1,NotAfter<=$d2,EnrollmentFlags&&0x20"
but had no success.
Does anyone know how to achieve this?
Thanks for your help!