Multiple enterprise subordinate CAs in one domain

-

lets imagine have following pki stucture – 1 root ca (standalone) , 2 enterprise cas. 1 of these enterprise ca‘s has domain controller authentication template published , other doesn‘t. may domain controllers autoenroll certificates according template time time. question – domain controller able find correct ca in ad  domain controller authentication  template enabled , able autoenroll certificate? affraid can stuck on ca template disabled , fail autoenrollment l thanks.

no, domain controller find ca template published , able enroll against template.

paul adare cto identit inc. ilm mvp


Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Schannel Issue

-
hello there, i have windows 2008 r2 machine. , have hosted sharepoint 2010 on it. i have site have published on internet. i don't know whether it's related , getting error unable resolve or come conclusion. it's pretty frequent. my server patched latest updates. log name:      system source:        schannel date:          8/12/2011 3:49:43 pm event id:      36887 task category: none level:         error keywords:      user:          system computer:      mycomp.domain.com description: following fatal alert received: 42.   the above error doesn't provide info . could please me identify issue , possible solution ? there have been lot of posts one. i believe can safely ignored...
Read more

Indexing Server

-
just quick question - 2008 have indexing server? can't see option - , want setup web based search engine using indexing server catalogs , asp.net....   it availble? does not based on - http://technet2.microsoft.com/windowsserver2008/en/library/82bac070-bee4-452e-a783-3ce31b5e1d0f1033.mspx?mfr=true Windows Server  >  Management
Read more

oclist /xml or /?

-
oclist have qualifiers? can behaviour changed, example output xml?   given previous comments andrew m , comments in forums , blogs think answer no, it’s simple app calling underlying api, thought i'd ask can't seem find anything.   why asking question? i'd @ least 2 things oclist (apart nicer looking output [which i'm not going get], dependances listed [dicussed in forum , ruled out], , refrushing add ad componets , telling use dcpromo [which in banner know]): - whether installing component cuase / require reboot (currently believe qwave , printing services require reboot)   - xml output, can't justify team looking see if can commality with full server   fwiw :j   hi,   oclist not have qualifiers or ways change output. when iis came in late, make oclist output longer, unfortunately late make significant changes.   i'll take feedback , add our list next version.   thanks,   andrew   ...
Read more