function Get-CACertificateDatabase
{
    <#
    .SYNOPSIS
    Retrieves information about certificates from the Certificate Authority Database

    .DESCRIPTION
    This function will fetch items from a Certificate Authority Database. It can also 
    fetch the public key of the certificates and the thumbprint which could be really
    useful when you want to use the certificates to for example encrypt something
    (like a credential in a DSC resource).

    Another useful scenario is to create monitoring of certificate expiration dates.

    .EXAMPLE
    Get-CACertificateDatabase -CA "myca.contoso.com\Issuing CA Contoso" -IncludeBinaryCertificate

    Fetch certificates from the CA instance and include the public key.

    .EXAMPLE
    Get-CACertificateDatabase -CA "myca.contoso.com\Issuing CA Contoso" -ValidTo (Get-Date)

    Fetch certificates that expires today.

    .PARAMETER CertificationAuthority
    The Certificate Authority instance you want to connect to. For example:
    'myca.contoso.com\Issuing CA Contoso'

    .PARAMETER ValidFrom
    Filter what certificates should be returned based on if they are valid at this date.

    .PARAMETER ValidTo
    Filter what certificates should be returned based on if they expire before this date.

    .PARAMETER Disposition
    Specifies which category to get the certificates from.

    Brief disposition code explanation:
    * 9 - pending for approval
    * 15 - CA certificate renewal
    * 16 - CA certificate chain
    * 20 - issued certificates
    * 21 - revoked certificates
    * all other - failed requests

    .PARAMETER IncludeBinaryCertificate
    This switch will enable retrieval of the public key of the certificates.

    #>

    [cmdletbinding()]
    param ([parameter(Mandatory = $true)]
           [string] $CertificationAuthority,
           [parameter(Mandatory = $false)]
           [datetime] $ValidFrom = (Get-Date),
           [parameter(Mandatory = $false)]
           [datetime] $ValidTo = (Get-Date).AddYears(2),
           [parameter(Mandatory = $false)]
           [int] $Disposition = 20,
           [parameter(Mandatory = $false)]
           [switch] $IncludeBinaryCertificate)

    BEGIN { }

    PROCESS {

        Write-Verbose 'Initiating com object'

        $CaView = New-Object -Com CertificateAuthority.View

        try {
            Write-Verbose "Connecting to $CertificationAuthority..."
            [void] $CaView.OpenConnection($CertificationAuthority)
        }
        catch {
            Write-Error "Failed to connect to the Certificate Authority instance $CA. The error was: $($_.toString())"
            break
        }

        $CaView.SetResultColumnCount(8)

        $index0 = $CaView.GetColumnIndex($false, "Issued Common Name")
        $index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
        $index2 = $CaView.GetColumnIndex($false, "Issued Email Address")
        $index3 = $CaView.GetColumnIndex($false, "Certificate Template")
        $index4 = $CaView.GetColumnIndex($false, "Request Disposition")

        if ($IncludeBinaryCertificate) {
            $index5 = $CaView.GetColumnIndex($false, "Binary Certificate")
        }

        $index6 = $CaView.GetColumnIndex($false, "Certificate Hash")
        $index7 = $CaView.GetColumnIndex($false, "Requester Name")

        $index0, $index1, $index2, $index3, $index4, $index5, $index6, $index7 | ForEach-Object { $CAView.SetResultColumn($_) }

        # CVR_SORT_NONE 0
        # CVR_SEEK_EQ  1
        # CVR_SEEK_LT  2
        # CVR_SEEK_GT  16


        $index1 = $CaView.GetColumnIndex($false, "Certificate Expiration Date")
        $CAView.SetRestriction($index1,16,0,$ValidFrom)
        $CAView.SetRestriction($index1,2,0,$ValidTo)

        # brief disposition code explanation:
        # 9 - pending for approval
        # 15 - CA certificate renewal
        # 16 - CA certificate chain
        # 20 - issued certificates
        # 21 - revoked certificates
        # all other - failed requests

        $CAView.SetRestriction($index4,1,0,$Disposition)

        $RowObj= $CAView.OpenView()

        try {
            Write-Verbose 'Fetching certificates...'

            while ($Rowobj.Next() -ne -1) {
                $Cert = New-Object PsObject
                $ColObj = $RowObj.EnumCertViewColumn()
                [void]$ColObj.Next()

                do {
                    $current = $ColObj.GetName()
                    if ($ColObj.GetDisplayName() -eq 'Certificate Hash') {
                        $Cert | Add-Member -MemberType NoteProperty 'Thumbprint' -Value $($ColObj.GetValue(1).ToUpper() -replace "\s") -Force
                    }
                    elseif ($ColObj.GetDisplayName() -eq 'Binary Certificate') {
                        $Cert | Add-Member -MemberType NoteProperty 'BinaryCertificate' -Value "-----BEGIN CERTIFICATE-----`n$($ColObj.GetValue(1))-----END CERTIFICATE-----" -Force
                    }
                    else {
                        $Cert | Add-Member -MemberType NoteProperty $($ColObj.GetDisplayName() -replace '\s') -Value $($ColObj.GetValue(1)) -Force
                    }

                } until ($ColObj.Next() -eq -1)

                Clear-Variable ColObj

                Write-Output $Cert
            }
        }
        catch {
            if ($_.toString() -like '*CEnumCERTVIEWROW::Next: The parameter is incorrect. 0x80070057*') {
                Write-Verbose "No certificates matched the criteria in the database of $CertificationAuthority"
            }
            else {
                Write-Error $_.toString()
            }
        }
    }

    END {

        Write-Verbose 'Cleaning up...'

        $RowObj.Reset()
        $CaView = $null
        [GC]::Collect()

        Write-Verbose 'Function finished.'
    }
}