Certificates export?
Hello, I was trying to export our certificates but apparently for several of them I am limited as an export of the certificates without its key which make them useless. Anyway to get the key? The certificate request was generated on this…
Translate between Certificate Template Permissions and ActiveDirectoryRights enum
I'm trying to generate a report containing details about all certificate templates published in my forest. One of the things I want to show in the report is what principals have Read, Write and Enroll permissions on each template. In order to do…
KERBEROS refresh clients
Good morning, in our infrastructure have all clients windows 10, and 2 DC 2019 Server (FFL 2012 R2), when change (add or remove) users from groups, all client, need to reset manually kerberos token with cmd (klist purge –li 0x3e7). It's the only metod.…
ADCS Migration from Windows 2008r2 to Windows 2019
Hi experts, I would like to ask the following on the topic migrating ADCS from 2008R2 to 2019. I have run couple of articles like the one as below:- …
AD CS (Standalone version) - How to sign an externally-generated CSR as a CA?
Hi, I am currently facing a quite blocking issue regarding the signature of a CSR emitted by a non-Microsoft PKI (EJBCA Community in my case) with a Root CA on AD CS (standalone version). What we want to do is to create a Sub-CA in EJBCA. Our…
Domain Laptop Cached User Credentials randomly no longer usable
These days, thanks to the pandemic, we have many users working on their laptops from home (connecting to the domain through VPN once they login). Extremely rarely (it's happened a handful of times in the past 3-4 months) we have a user who suddenly…
Windows CA - Best Practices - Expirationdate,..
Hello all, as mentioned in many news-tickers, the most common browser (chrome, firefox, safari,..) will only accept certificates with a maximum lifetime of 1 year. This also means, that we have to replace all internally used webserver certificated…
API Implementation Methods
What are the common API implementation methods?
Migrate NDES service to a new Server
Hi, I'm in the process of migrating certificate services from 2008R2 to 2016, one of the CA servers is also running the NDES service but I can't find any guide on how to move this to a new server (I'm planning on re-using the old server IP and name). …
Web enrollment for a Standalone CA
After installing Certification services and creating a Standalone CA on a Windows Server 2016 or Windows Server 2019 server member of Workgroup what else should I do in order to allow other servers request certificates? Should I install Certification…
request a certificate
dears, i have a local ca installed. i have a new machine, and i want to request a certificate from this machine to my local ca how is this done how can i generate a cer file and make it issued by my internal ca i am new to adcs Source…
certutil -deleterow cert (2 weeks running and nothing?)
Hi everyone, My CA database has not been maintained in years, and there's 4 million certificates in the database. I've been running certutil -deleterow 01/07/2020 cert for the past two weeks, but I'm not sure it's actually doing anything. How can I…
ADCS Migration from 2008R2 to 2019
Hi experts, I would like to ask the following on the topic migrating ADCS from 2008R2 to 2019. I have run couple of articles like the one as below:- …
export certificate with private key
dears, i requested a client certificate from my internal adcs using the client template on one of my servers. i am trying to export the certificate but there is no option of exporting the cert using a private key can you give me a method to export…
how to install SelfSigned Certificate on Domain Controller
Hi, I have a test DC on which I want to install SelfSign certificate for secure LDAP. how can I generate and install the certificate? Regards
API Implementation Methods
What are the common API implementation methods? https://social.technet.microsoft.com/Forums/windowsserver/en-US/84f8a2ee-62df-442e-b1f4-9e4c1e42b374/api-implementation-methods?forum=winserversecurity
how the password generated randomly local administrator password solution
Please let me know how the password changed randomly. [ i mean whether computer generate random password for every 30 days and update the attribute ms-MCS-AdmPwd in domain controller or Domain controller generates password for every 30 days and updates…
How to generate program Inventory logs in event viewer
Hello, Good morning, Have tried to generate the program Inventory but no luck.
Certificate install on CIV chip
Hi Team, I am trying to install a SmartCardLogon certificate into CIV chip and getting below error while installing the certificate. Below is my code: CX509Enrollment objEnroll = new CX509Enrollment(); try { …
How can I check whether a certificate is CA or end entity?
Want to confirm the cert type CA or End Entity, before it is imported to the certificate store. Is there any utility function available for this. I have written the below function. But it returns always return the cert as CA. Is this have a bug or is…