Active Directory Certificate Services Frequently Asked Questions - needs your help!

  • Article

If you have commonly asked questions about certificate services or PKI that you think should be listed in the Active Directory Certificate Services Frequently Asked Questions (AD CS FAQ) list, I encourage you to submit them to the TechNet Wiki posting https://social.technet.microsoft.com/wiki/contents/articles/ad-cs-faq.aspx. Don't worry about the formatting, I can clean that up, if needed. Also, if you would rather have me add something for you, feel free to just reply to this blog. Thank you!

Comments

  • Anonymous
    January 01, 2003
    Right now the ASKDS blog (blogs.technet.com/.../askds) has good information about migrating certification authorities, especially the single to multiple tier migration. blogs.technet.com/.../friday-mail-sack-guest-reply-edition.aspx blogs.technet.com/.../moving-your-organization-from-a-single-microsoft-ca-to-a-microsoft-recommended-pki.aspx As for the renewing the issuing CA certificates, you just need to duplicate the Subordinate Certification Authority template, make your modifications, then Issue that template. Finally, use the option to Renew the CA Certificate in the Issuing CA Certification Authority console.

  • Anonymous
    August 08, 2011
    You should also associate the AD CS FAQ with ADCS FAQ, ADCS Answers, and AD CS Answers. social.technet.microsoft.com/.../ad-cs-faq.aspx

  • Anonymous
    December 08, 2011
    One thing I found myself doing before I even started my build was to go out and try and find horror stories. For example, some people just want to know... Are there any dangers to installing the Enterprise Issuing CA? Can it affect logins? Could it render the domain unusble. I think a good outline of potential risks and "gotchas" would be nice to read.

  • Anonymous
    January 23, 2012
    I spent a couple of months looking over documentation and other blog postings about upgrading the servers that run our PKI.  I specifically was looking to move our Enterprise Root CA to a Stand-Alone Root CA.  I pulled it off, but finding the documentation was not easy to do.  I now need to find a way to make our Issuing CA's renew or acquire a subCA certificate that is longer than the riginal 2 years.