AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

Browse by Tags

Related Posts
  • Blog Post: Tweaking ADCS performance

    The default settings for ADCS are fine for smaller installations - however, once your CA database goes beyond the toddler stage and starts exceeding a few gigabytes you should consider tweaking a few knobs on it for better performance. Avoid ticking auditing for Startup/Shutdown of the ADCS service...
  • Blog Post: Peeling the onion - how many layers should your PKI have?

    I‘ve been talking to a colleague who insists a 1-tier PKI infrastructure is better than a 2-tier PKI infrastructure but without providing details on exactly why. Is it better? The word „Better“ is fairly meaningless as a quantitative descriptor. If you‘re talking to someone...
  • Blog Post: ADCS and dedicated CRL-signing certificates

    We're seeing what appears to be random revocation checking failures on clients for certificates issued by our CA. The infrastructure is a 2-tier PKI with an OCSP defined on the issuing CA certificate and the CRL from the Root CA signed by a dedicated CRL-signing certificate (i.e. not the issuing cert...