Deleting old certificates from AD and EXO

Remove-Certificates.ps1

Function Remove-Certificates {
$usercerts = @()
$exchangecerts = @()

Write-Host "Connecting to Exchange Online"
#used to connect to exchange online, must be customized for each tenant and certificate
$ClientId = ""
$Organization = ""
$CertificateThumbprint = ""
Try {
    Connect-ExchangeOnline -CertificateThumbprint $CertificateThumbprint -AppID $ClientId -Organization $Organization -ShowBanner:$false
} Catch {
    $transmiterror = $true
    write-host "Unable to connect to exchange online"
    }

#find all certificates
$allmailboxcerts = get-mailbox -ResultSize Unlimited -filter * | Where-Object {$_.userCertificate -or $_.userSMimeCertificate}
$allusercerts = get-aduser -LDAPFilter '(|(userCertificate=*)(userSMIMECertificate=*))' -properties userCertificate,userSmimeCertificate, mail

#step 1 - remove certificates from on-prem user accounts and report
$allusercerts | foreach-object {
    $customuser = New-Object -TypeName PSObject
    set-aduser $_ -clear userCertificate,userSMIMECertificate
    $customuser | Add-Member -MemberType NoteProperty -Name "User Name" -Value $_.Name
    $customuser | Add-Member -MemberType NoteProperty -Name "EMail" -Value $_.mail
    $usercerts += $customuser
    }

#step 2 – remove certificates from EXO mailboxes and report
$allmailboxcerts | foreach-object {
    $custommailbox = New-Object -TypeName PSObject
    set-mailbox $_ -userCertificate $null -UserSMimeCertificate $null
    $custommailbox | Add-Member -MemberType NoteProperty -Name "User Name" -Value $_.Name
    $custommailbox | Add-Member -MemberType NoteProperty -Name "EMail" -Value $_.PrimarySMTPAddress
    $exchangecerts += $custommailbox
    }

$usercerts | ConvertTo-Csv -NoTypeInformation | out-file "path to logfile"
$exchangecerts | ConvertTo-Csv -NoTypeInformation | out-file "path to logfile"

}