Re: AD Autoenrollment of Certificates

From: Shawn Rabourn [MSFT] (shawnrab_at_online.microsoft.com)
Date: 03/25/04

Next message: Shawn Rabourn [MSFT]: "Re: AD Autoenrollment of Certificates"
Previous message: Eric Voskuil: "Re: Assigning a Computer a Printer"
In reply to: Franz Schenk: "AD Autoenrollment of Certificates"
Next in thread: Shawn Rabourn [MSFT]: "Re: AD Autoenrollment of Certificates"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 25 Mar 2004 00:52:08 -0500

Windows 2003 replaced the Autoenrollment policy with an AutoEnroll ACE in
the template. To get all of the features of a Windows 2003 Enterprise CA,
you can run forestprep and domainprep without promoting a single DC to
Windows 2003.

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.

"Franz Schenk" <franz.schenkNOSPAM@fititNO-_SPAM.ch> wrote in message
news:uGW8JINEEHA.3392@TK2MSFTNGP11.phx.gbl...
> We have a Enterprise CA on a Windows 2003 member server in a Windows 2000
> Forest and Domain. We had to discover that the object "Autoenrollment
> settings" in "Public Key Policies", Security Settings", "Windows Settings"
> in the computer configuration of the default domain GPO is missing. Thats
> even the same if we create a new GPO on the Windows 2003 member server
with
> the GPMC console.
>
> What do we have to do for automatically distribute and renew computer and
> user certificates from the Windows 2003 enterprise CA to our XP SP1
clients?
> Is there a possibility to do that with the Windows 2000 AD, do we have to
> upgrade just one domain contoller to Windows 2003, all domain controllers
in
> the domain, or even upgrade the forest to Windows 2003?
> Or can we just run forestprep and/or domainprep in our domain without
> upgrading to Windows 2003?
>
> Thanks in advance for any help!
> Franz
>
>

Next message: Shawn Rabourn [MSFT]: "Re: AD Autoenrollment of Certificates"
Previous message: Eric Voskuil: "Re: Assigning a Computer a Printer"
In reply to: Franz Schenk: "AD Autoenrollment of Certificates"
Next in thread: Shawn Rabourn [MSFT]: "Re: AD Autoenrollment of Certificates"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Upgrading Windows 2000 Domain to Windows 2003
... The AD need only be forestprep and domain prep once. ... > Windows 2003 DC's and then removing the legacy DC's. ... > We have also recently upgraded our Exchange organisation from 5.5 to ... > AD when we ran domainprep and forestprep for the Exchange upgrade? ...
(microsoft.public.windows.server.migration)
Re: Exchange server connectivity
... This behavior can occur if the Autoenrollment feature cannot reach an Active ... In a Microsoft Windows NT 4.0 domain, ... the problem can be caused by a DNS name resolution or network connectivity ... In the left pane, expand Computer Configuration, expand Windows ...
(microsoft.public.windows.server.sbs)
RE: Event ID 15 Auto enrollment errors
... Local Group Policy for a Windows XP-based or a Windows Server 2003-based ... 310461 Problems When the Autoenrollment Feature Cannot Reach an Active ... This newsgroup only focuses on SBS technical issues. ... you may want to contact Microsoft CSS directly. ...
(microsoft.public.windows.server.sbs)
Upgrading Windows 2000 Domain to Windows 2003
... Windows 2003 DC's and then removing the legacy DC's. ... AD when we ran domainprep and forestprep for the Exchange upgrade? ...
(microsoft.public.windows.server.migration)
Re: InetOrgPersonPrevent.ldf fix needed ?
... If You do the Exchange 2003 forestprep before doing the Windows 2003 adprep ... if Windows 2003 was introduced before Exchange 2003 ... if having installed Exchange 2003 I later upgrade to windows 2003 will I ...
(microsoft.public.exchange.setup)