
function Test-FMCertificate
            Tests, whether the certificate stores are in the desired state.
            Tests, whether the certificate stores are in the desired state, that is, all defined certificates are already in place.
            Use Register-FMCertificate to define desired the desired state.
        .PARAMETER Server
            The server / domain to work with.
        .PARAMETER Credential
            The credentials to use for this operation.
            PS C:\> Test-FMCertificate -Server
            Checks whether the forest has all the certificates it should

    param (
        $parameters = $PSBoundParameters | ConvertTo-PSFHashtable -Include Server, Credential
        $parameters['Debug'] = $false
        Assert-ADConnection @parameters -Cmdlet $PSCmdlet
        Invoke-Callback @parameters -Cmdlet $PSCmdlet
        Assert-Configuration -Type dsCertificates -Cmdlet $PSCmdlet
        Set-FMDomainContext @parameters
        $resDefault = @{
            Server = $Server
            ObjectType = 'Certificate'
        foreach ($type in 'NTAuthCA', 'RootCA', 'SubCA', 'CrossCA', 'KRA')
            $certificates = Get-ADCertificate -Parameters $parameters -Type $type
            $desiredState = Get-FMCertificate -Type $type
            foreach ($desiredCert in $desiredState)
                if ($desiredCert.Action -eq 'Add' -and $desiredCert.Certificate.Thumbprint -in $certificates.Thumbprint) { continue }
                if ($desiredCert.Action -eq 'Remove' -and $desiredCert.Thumbprint -notin $certificates.Thumbprint) { continue }
                $adObject = $null
                if ($desiredCert.Action -eq 'Remove') { $adObject = $certificates | Where-Object Thumbprint -EQ $desiredCert.Thumbprint }
                New-TestResult @resDefault -Type $desiredCert.Action -Identity $desiredCert -Configuration $desiredCert -ADObject $adObject
            if (-not $script:dsCertificatesAuthorative[$type]) { continue }
            foreach ($certificate in $certificates)
                if ($certificate.Thumbprint -in $desiredState.Certificate.Thumbprint) { continue }
                if ($certificate.Thumbprint -in $desiredState.Thumbprint) { continue }
                New-TestResult @resDefault -Type 'Remove' -Identity $certificate -ADObject $certificate