Solved

Should I have any concern before installing Active Directory Certificate Services in my forest?

Posted on 2014-12-12
6
88 Views
Last Modified: 2014-12-16
Hi,

I was asked to install ADCS to enable authentication for a project that needs LDAP integration using PicketLink (Import a certificate for LDAPS authentication).

I have no experience with that role (ADCS) and consequence on the forest, it's certificates etc...

My question is, should I have any concerns while installing that role vs Active Directory?

Thank you.

Dany
VG
0
Comment
Question by:Vision_Globale
  • 3
  • 3
6 Comments
 
LVL 39

Expert Comment

by:footech
ID: 40497086
Installing ADCS poses no risk to AD.  It's worth it though to take the time to thoroughly consider how you want things set up if you're going to deploy a full blown PKI.  For example if you wanted to maintain an offline standalone root, multiple issuing CAs, etc.  You can certainly have just a single CA for small environments.
0
 

Author Comment

by:Vision_Globale
ID: 40500857
Hi Footech,

Thanx for the fast reply! Well, we don't need a full blown PKI (I am not sure what it practically means), but I get it, I have to do my home work first. For now, we are looking at generating basic cert for auth (ldaps) for an internal website.

Anyways, thank you for the info.

Dany
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40501462
Yeah, it is a nebulous concept, even in my head.  I guess I generally think of a full blown PKI as any setup which has multiple CAs, as that's a fair indication that some thought has gone into it and the setup reflects best practices.  However, as you may know small environments tend to live in a gray area as far as best practices are concerned.  It may be great to have separate servers for each individual role and have redundancies, etc, but that's not always practical.  So in small environments you may just rely on a single enterprise (as opposed to standalone) CA.

You can install the AD CS role on any member server or even a DC.  You can't rename a server with AD CS installed.  It's no problem to uninstall AD CS either, you just have to be aware any certificates that have been issued and how you're going to manage those.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 

Author Comment

by:Vision_Globale
ID: 40501535
Going to install the role on a member server, trying to avoid a DC for such a role.

Will there be an impact (revocation...) on the certificates already use by domain machines, exchange, services for unix etc... Or it's business as usual and from now on, we can issue certs with no problems?

Thanx,

Dan
0
 
LVL 39

Expert Comment

by:footech
ID: 40501556
Business as usual.  Installing a CA and issuing certs from it has no impact on existing certs from other CAs or self-signed ones.
0
 

Author Comment

by:Vision_Globale
ID: 40501612
Footech, Thanks a lot appreciate the feedback!

Dan
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
Does your audience prefer people in photos or no people? How can you best highlight what you’re selling? What are your competitors doing, and what can you do that is different and unique from them?  Continue reading to learn how to make your images …
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question