Solved

ROOT CA To Be Generated From AD

Posted on 2011-03-08
365 Views
Last Modified: 2012-05-11
We need to generate a certificate in AD for LDAPS. We will then need to import the generated cert into the cert store on a particular server.
We will also need to deploy certs to desktops and other servers. What issues can we expect?
I have viewed the following article, http://technet.microsoft.com/en-us/library/cc772393%28WS.10%29.aspx. Do we just follow the "To set up an enterprise root CA" procedure?
0
Question by:ablsysadmin
8 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 35068482
When deploying an enterprise root CA, the CA public certificate is published into AD and automatically deployed to domain members as a trusted root certificate.
You can duplicate templates and activate autoenrollment to automatically deploy computer/server certificates to your machines.
If Domain Controllers fail to get a certificate, check whether the Domain Controllers group is a member of CERTSVC_DCOM_ACCESS.

Based on your domain hierarchy, you could encounter issues with enrollment. Take a closer look at:
- http://support.microsoft.com/kb/281271/en-us
- http://support.microsoft.com/kb/927066/en-us
- http://support.microsoft.com/kb/961298
0
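
A way to verify the outcome described in the answer above, added here as an example and not part of the original thread: run from a domain-joined machine, it connects to a DC on the LDAPS port and reports whether the presented certificate chains to a root this machine trusts, matches the DC name and carries the Server Authentication EKU. The function name `Test-LdapsCertificate` and the host `dc01.example.test` are placeholders.

```powershell
# Added example (not from the thread). Function name and DC name are placeholders.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$DcFqdn,
        [int]$Port = 636   # standard LDAPS port
    )
    $script:LdapsPolicyErrors = $null
    # Record the TLS stack's verdict, but let the handshake finish so the
    # certificate can still be inspected when validation fails.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $sslPolicyErrors)
        $script:LdapsPolicyErrors = $sslPolicyErrors
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($DcFqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($DcFqdn)   # name is checked against the certificate subject/SAN
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    # Look for the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $false
    if ($eku) {
        $serverAuth = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0
    }
    # PolicyErrors meanings:
    #   None                          = name matches and the chain ends in a root trusted on this machine
    #   RemoteCertificateChainErrors  = the issuing CA's root is not trusted here (or the chain is broken)
    #   RemoteCertificateNameMismatch = the certificate was not issued for the name you connected to
    New-Object psobject -Property @{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        ServerAuthEku = $serverAuth
        PolicyErrors  = $script:LdapsPolicyErrors
    }
}
# Example call: Test-LdapsCertificate -DcFqdn 'dc01.example.test'
```

If the TCP connection or handshake itself fails, nothing on the DC is answering LDAPS yet, which usually means the DC has not enrolled a certificate.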
 
LVL 11

Expert Comment

by:Tasmant
ID: 35068509
0
 

Author Comment

by:ablsysadmin
ID: 35094323
Hi, checked all that you requested. Pretty straightforward to install the root CA. Note that all that is required is to enable SSL on AD. Will the installation of the root CA affect anything?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35094406
The installation of the CA won't affect anything. The CA will bring new features and capabilities to your network but shouldn't break anything.
0
 

Author Comment

by:ablsysadmin
ID: 35094436
Thanks for the quick reply. Will this enable SSL/LDAP automatically?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35094540
0
 

Author Comment

by:ablsysadmin
ID: 35136746
Hi, I created a copy DC and installed CA without any issues. LDAPS is enabled. But now if I try to join the domain (test DC) from a test workstation I am unable to join the domain using NetBIOS. FQDN domain works 100% but NetBIOS name fails. Will this influence the NetBIOS authentication as well? Thinking of domain authentication being used in services like SQL services start-ups.
0
 

Author Comment

by:ablsysadmin
ID: 35137085
Solution found. Going to implement CA.
0
