PowerShell  ❯  Get-CertificateByMicrosoftTemplateId

Gets a certificate from a Microsoft AD CS template ID.


    -Store <System.Security.Cryptography.X509Certificates.StoreLocation>
    -TemplateId <String>


Use this cmdlet to get an X.509 certificate object enrolled using Active Directory Certificate Services (AD CS) from its template ID.

This can be used to authenticate group memberships via mTLS client certificates:

  • Create a client certificate template in AD CS and assign it to a user or computer group
  • Use this cmdlet to select the correct certificate for mTLS authentication
  • Provide the certificate to SignPath cmdlets using the -ClientCertificate parameter


Parameter Type Description
-Store StoreLocation Certificate store that will be searched for the certificate
-TemplateId String The Microsoft AD CS template ID to find the certificate in OID format (dotted number sequence, e.g. “”)


Example 1: Submit a signing request using a template-based machine client certificate

$clientcert = Get-CertificateByMicrosoftTemplateId -Store LocalMachine -TemplateId ""
Submit-SigningRequest <# ... #> -ClientCertificate $clientcert

Sign up for news and special offers