Aqui está o script que eu criei. Eu ainda preciso de uma maneira de obter facilmente todos os endereços SMTP primários ativos, mas isso é um começo.
#This script tests the naked domain and autodiscover record for issues.
#often times a wildcard cert will cause a name mismatch, or the cert is invalid, expired, or revoked
$ErrorActionPreference = "Stop";
#todo, don't use accepted domains, only use the addresses listed as a primary on
# a user, because that is the only domain that counts for Autodiscover.
$domains = "a.com”, “b.com”, “b.com"
$errors = @{}
foreach ($d2 in $domains)
{
Try
{
$url = "https://$d2"
$url
$wc = New-Object System.Net.WebClient
$wc.DownloadString($url)
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
$errors.Add($url, $_.Exception.Message)
}
Try
{
$url = "https://autodiscover.$d2"
$url
$wc = New-Object System.Net.WebClient
$wc.DownloadString($url)
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
$errors.Add($url, $errormessage)
}
}
$sb = New-Object -TypeName "System.Text.StringBuilder";
foreach ($e in $errors.keys) {
$e2 = $errors.$e
#The remote name could not be resolved
#Could not establish trust relationship
$sb.AppendLine("$e had error @ $e2 " );
}
Send-MailMessage -From [email protected] -To [email protected] -Subject "Invalid SSL Certificate Report" -SmtpServer internalsmtp.company.com -Body $sb.tostring()