AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

ADCS has become site-aware in Windows Server 2012


One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware!

This is accomplished by following the detailed steps that are described on the ADCS Wiki link below.

The short version, however, is as follows:

  1. Set the CA to detect which AD site it is in by running the following on the Windows Server 2012 CA server:
    certutil -f -setcasites set
  2. Set the Windows 8 client to query AD site information about which CA it should enroll with by running the following on the client side:
    certutil -setreg Enroll\EnrollFlags 2

...then add some sugar and bake for 30 minutes in the oven, that's it! :)

AD DS Site Awareness for AD CS and PKI Clients
http://social.technet.microsoft.com/wiki/contents/articles/14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx

What's New in AD CS [in Windows Server 2012]?
http://technet.microsoft.com/en-us/library/hh831373.aspx

 

Comments
  • Hi Ingolfur,

    FYI the registry change is *not* required on Windows 8 as the functionality is included by default. The wiki entry here: http://social.technet.microsoft.com/wiki/contents/articles/14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx has recently been updated to reflect this.

    Cheers

    JJ
