Powershell : Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query.

$Before = (get-date).adddays(90).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-5).ToString("MM/dd/yyyy")
<#

https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
$cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template"

$SplitLines = $cmd.Split("`n`r")

$Index = 0
foreach ($line in $SplitLines){

    if ($line -like "Row*" ){
        $Details = New-Object PSObject 
        $Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "Certificate Expiration Date" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")

        
        if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
            $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
        }
        Else {
        write-host "hit"
        $templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
        }

        $Details | Add-Member noteProperty "Certificate Template" $TemplateName
        
        
        
        $report += $Details 
    
    }

    $Index++
}
$report

Powershell: Get list of all services accounts used on Windows servers in domain.

Purpose: This script will search AD for Windows Servers that are enabled and attempted to connect to each server and get a listing of all services and the accounts used to run them.
Note: This will take a while to run unless someone wants to make it multithreaded.
I just wrote this so there may need to be some bug fixes but in general it seemed to work.
Requirements: RSAT tools WMI

Import-Module activedirectory
cls

$ServicesReport = @()

$AllServers = Get-ADComputer -Filter {(OperatingSystem -Like "Windows Server*")-and (enabled -eq "true")} -Property SamAccountName | select -expand Name

$i = 0
foreach($Server in $AllServers) {
$i++
Write-Host "Working on Server: $Server " $i " of " $AllServers.Count 

try
{
if (Test-Connection -ComputerName $Server -Quiet) {
$Services = Get-WmiObject win32_service -ComputerName $Server | select Name,
  @{N="StartupType";E={$_.StartMode}},
  @{N="ServiceAccount";E={$_.StartName}},
  @{N="SystemName";E={$_.Systemname}}
    foreach ($Service in $Services) {
       $Detail = New-Object PSObject 
    $Detail | Add-Member Noteproperty ServiceName $($Service.Name)
    $Detail | Add-Member Noteproperty StartupType $Service.StartupType
    $Detail | Add-Member Noteproperty ServiceAccount $Service.ServiceAccount
    $Detail | Add-Member Noteproperty SystemName $Service.Systemname
       $ServicesReport += $Detail
    }
 }
}
Catch
{
$Detail = New-Object PSObject 
    $Detail | Add-Member Noteproperty ServiceName "NA"
    $Detail | Add-Member Noteproperty StartupType "NA"
    $Detail | Add-Member Noteproperty ServiceAccount "Error"
    $Detail | Add-Member Noteproperty SystemName $Server
       $ServicesReport += $Detail
  
 }
  
  } 
  
$ServicesReport | Export-Csv -Path c:\temp\test.csv -NoTypeInformation