Migrate IIS client certificates from Windows 2003 to Windows 2016 using PowerShell

To import the certificate, we need to have the public key information exported to .cer certificate file

#Get the File names of certificate
$names = Get-ChildItem C:\Users\Administrator\Desktop\Certs\
$results = @()
#looping through each certificates to fetch Public Key and User Info
foreach($name in $names) {
	#reading content of the file
    $CertData = Get-Content $name.FullName
    $CertData = $CertData[1..($CertData.Length-2)]	#To remove first and last line in the content
    $publicKey = ""
    $CertData | % {
        $publicKey += $_.ToString()
    }
	
	#Getting user name from certificate
	$certif = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
	$certif.Import($name.FullName)
	$userName = $certif.GetName().ToString().Split(",")[-1].Replace("CN=","").Replace(" ","")
    $result = New-Object -TypeName PSObject -Property @{
    FileName = $name.Name
    UserName = $userName
    PublicKey = $publicKey
    }
	
	#List of all certificate data and user name
    $results += $result
}
#$results | select FileName, UserName, PublicKey

Once the Information is collected, users have to be created locally on the server

foreach($userInfo in $results) {
    New-LocalUser -Name $userInfo.UserName -Password (ConvertTo-SecureString "ThisIsAGoodPassword123" -AsPlainText -Force)
    #Set-LocalUser -Name $userInfo.UserName -Password (ConvertTo-SecureString "ThisIsAGoodPassword123@2k" -AsPlainText -Force)
}

After user creation, In IIS oneToOneMappings, we have to add the certificate public key along with the respective user name and password

Both foreach loops can be merged. I have divided the foreach for better readability.

foreach($userInfo in $results) {
    Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'EveryCarParts1' `
    -filter "system.webServer/security/authentication/iisClientCertificateMappingAuthentication/oneToOneMappings" `
    -name '.' `
    -value @{enabled='True';userName=$userInfo.UserName;password='ThisIsAGoodPassword123';certificate=$userInfo.PublicKey}
}

For adding Web configuration Property, I got the clue from following post
https://stackoverflow.com/questions/29497971/configuring-iis-client-certificate-mapping-authentication

Thank you for reading my post. Hope this is helpful to you.