One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware!
This is accomplished by following the detailed steps that are described on the ADCS Wiki link below.
The short version, however, is as follows:
- set the CA to detect which AD site it is in by running the following on the W2k12 CA server:
certutil -f -setcasites set
- set the Windows 8 client to query AD site information about which CA it should enroll for by running the following on the client side:
certutil -setreg EnrollEnrollFlags 2
...then add some sugar and bake for 30 minutes in the oven, that's it! :)
AD DS Site Awareness for AD CS and PKI Clients
http://social.technet.microsoft.com/wiki/contents/articles/14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx
What's New in AD CS [in Windows Server 2012]?
http://technet.microsoft.com/en-us/library/hh831373.aspx
Comments
- Anonymous
January 01, 2003
Hi Ingolfur, FYI the registry change is not required on Windows 8 as the functionality is included by default. The wiki entry here: social.technet.microsoft.com/.../14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx has recently been updated to reflect this. Cheers JJ