Is "DN" of AD have "O" or "C" entity.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I just beginning to learn in AD. I want your help.

My company want to set up Certificate Autority system and
we found that AD haven't "O" or "C" entity like other
LDAP. Is there any way to set AD to support "O" or "C"
like this DN "CN = 2001030611,OU = PCC ePayment Service,O
= 3101001002,C = TH" .

Thank for any advice.
 
Active Directory doesn't support O (organization) or C (is that country?)
as part of its naming convention. However, there are a number of articles
that outline how to setup a CA.

231881 HOW TO: How to Install/Uninstall a Public Key Certificate Authority
for
http://support.microsoft.com/?id=231881

In a large organization, you would want to create an Offline Root, Offline
Subordinate CAs and Enterprise Issuing CAs to minimize the damage if a
certificate server becomes compromised. In smaller organizations you might
not have a need for that many levels. The following articles help you
configure an Offline Root with Subordinate CAs.

271386 HOW TO: Install a Windows 2000 Certificate Services Offline Root
http://support.microsoft.com/?id=271386

313477 HOW TO: Get a Certificate Signed by an Off-Network Root Authority in
http://support.microsoft.com/?id=313477

If you are considering setting up a CA, take a look at the following
Microsoft websites for things to consider when planning your PKI
environment (the same practices apply to Windows 2000 as well):
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
Infrastructure
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsserver2003/maintain/operate/ws3pkibp.asp

Public Key Infrastructure for Windows Server 2003
http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: <[email protected]>
| Sender: <[email protected]>
| Subject: Is "DN" of AD have "O" or "C" entity.
| Date: Wed, 19 Nov 2003 18:53:01 -0800
| Lines: 9
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcOvEWlg/7DMUWHYQl6tIBmTbkk3OQ==
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:56497
| NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I just beginning to learn in AD. I want your help.
|
| My company want to set up Certificate Autority system and
| we found that AD haven't "O" or "C" entity like other
| LDAP. Is there any way to set AD to support "O" or "C"
| like this DN "CN = 2001030611,OU = PCC ePayment Service,O
| = 3101001002,C = TH" .
|
| Thank for any advice.
|
 
Back
Top