Publish certificates in AD

[Thomas Kuborn]

Dear ng,

Is it standard behavior that only certificates with the "Enhanced Key Usage"
set to EFS file encryption are published in AD ?
Certificates with EKU = client authentication dont seem to be published ...

Any comment / url would be much appreciated !

Mr T

 

[Dale Weiss]

Hello,

Could you give me a little morer information?

In order to publish certificates in Active Directory, we must have an
Enterprise CA, so I assume that is the type of CA you are using. Please me
know if this is not correct. A standalone CA does not publish to Active
Directory.

Other types of certificates are published to AD. This is controlled by the
exit module settings in the CA properties in the CA snap-in. For an
enterprise CA the policy module will publish to AD, and the types of
certificates should not be a factor.

How were the certificates requested? Did you use the web interface or did
you use the MMC snap-in? Could you give me the exact steps you followed?

Dale Weiss MCSA MCSE CISSP
PSS Security

This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms
specified at http://www.microsoft.com/info/cpyright.htm