Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs a Server Core installation of Windows Server
2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the autoenrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)
A.
Add-CAAuthoritylnformationAccess
B.
Install-AdcsCertificationAuthority
C.
Add-WindowsFeature
D.
Install-AdcsOnlineResponder
E.
Install-AdcsWebEnrollment
Explanation:
* The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the
AD CS CA role service.
*The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the
Certification Authority Web Enrollment role service.
I think it’s B and C
https://4sysops.com/archives/certificate-server-in-server-core/
You can install the Active Directory Certificate Services role by running the following PowerShell one-liner (start off by typing PowerShell first, to get the PowerShell prompt):
Install-WindowsFeature AD-Certificate
By default, when you run the Install-AdcsCertificationAuthority cmdlet, it will configure an Enterprise Root CA with a Common Name based on the Domain and Hostname of your Server Core installation and appended with -CA. :
Install-AdcsCertificationAuthority -CAType StandaloneRootCa -ValidityPeriod Years -ValidityPeriodUnits 10 -DatabaseDirectory “D:\ADCS” -LogDirectory “D:\ADCS”
0
0
(From that same link you provided) Enterprise Certification Authority:
To configure a CA for a smaller environment, you might simply use the following PowerShell command: Install-AdcsCertificationAuthority
Since most of the settings for a default CA look to be well-suited for small- to medium-sized businesses, I consider it a best practice to use them in this case. Answer y to accept them
0
0
It is B and C,
You cannot run Install-AdcsCertificationAuthority without the ADCS binaries installed – if you try you will recieve the following:
“install-adcscertificationauthority : The Certification Authority cannot be installed before the installation files are added. Add the role service through Server Manager or Add-WindowsFeature PowerShell cmdlet and then retry.”
So to point it out.:
1:add-windowsfeature ad-certificate
2:install-adcscertificationauthority
Enterprise CA supports auto enrollment – no need for web enrollment.
5
0
Verified. You are right
0
0
going with B/C
0
0
The Add-WindowsFeature cmdlet has been replaced, starting with Windows Server 2012, by the Install-WindowsFeature cmdlet. For more information about Install-WindowsFeature in Windows Server 2012, see Install-WindowsFeature. For more information about Install-WindowsFeature in Windows Server 2012 R2, see Install-WindowsFeature.
0
1
But it is still an Alias of the new command, is it not? So it will do the same thing.
Feel free to correct me as I may be wrong.
0
0
So has answers to be “B” & “E”?
0
1
It seems B and C.
You must install the CA role before you run Install-AdcsCertificationAuthority.
http://technet.microsoft.com/en-us/library/hh848389.aspx
“Detailed Description
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority”
0
0
Yes, but Add-WindowsFeature being replaced with Install-WindowsFeature, this is still not an option presented.
B & E still the valid Answer imo.
0
1
how did you know tyson B E still valid?
0
0
If I remember well Add-WindowsFeature did show up on my 70-410 and 70-411 exams a few weeks ago as a correct answer.
I’m with Eric on this question: B & C
0
0
Add-WindowsFeature is still valid in Windows Server 2012
Tested
https://www.dropbox.com/s/dtrrdjh1d87ra86/Add-WindowsFeature.jpg?dl=0
0
0
http://blogs.technet.com/b/yungchou/archive/2014/01/08/windows_2d00_server_2d00_2012_2d00_r2_2d00_installation_2d00_options_2d00_and_2d00_features_2d00_on_2d00_demand_2d00_part_2d00_3_2d00_of_2d00_5.aspx
Notice that Install-WindowsFeature and Uninstall-WindowsFeature replace Add-WindowsFeature and Remove-WindowsFeature, respectively. The latter two cmdlets were used to install features in Windows Server 2008 R2 and are now as ALIASES(!)
0
0
I believe Aliases are just “another name” for the same command.
If you input an alias of a command, such as “Add-WindowsFeature” I believe the command will run as if you typed in the new “Install-WindowsFeature” command.
Saw it in a video when I was studying for 410.
0
0
Correct.
This is trivial knowledge. No offense but I really wonder how some of you even passed 410 and 411. You shouldn’t be asking simple questions such as this at this stage.
0
2
he Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority
To include the Certification Authority and Certificate Templates consoles in a CA installation, you must add -IncludeManagementTools to the end of the AddWindowsFeature Adcs-Cert-Authority command.
0
0
The CA must support the auto-enrollment , not WebEnrollment
i think it should be C&B
0
0
Plz Help me with the correct answer because hassan didn’t ask 🙂
0
1
Haha Mostafa good one. :’D
0
0
I too thought its B & C you will be a least 50% right here..add feature is not gone so it is still in use on server 2012 r2.
.
0
0
figured they would use this cmd for auto enrollment
http://technet.microsoft.com/en-us/library/jj631629.aspx
0
0
http://technet.microsoft.com/library/hh831348.aspx
0
0
This is the best link, IMO. The start of the article refers to the Add-WindowsFeature, while the main article refers to Install-AdcsCertificationAuthority
0
0
Applies To: Windows Server 2012
You can use this procedure to install Active Directory® Certificate Services (AD CS) so that you can enroll a server certificate to servers running Network Policy Server (NPS), Routing and Remote Access Service (RRAS), or both.
To perform this procedure by using Windows PowerShell, open Windows PowerShell and type the following
command, and then press ENTER. You must also replace the domain name with the name that you want to use.
C. Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
After AD CS is installed, type the following command and press ENTER.
B. Install-AdcsCertificationAuthority –CAType EnterpriseRootCA
——————-
I read, but can not find, that AutoEnrollment does not need to be configured in 2012.
0
0
I agree with you, the answer is B & C
0
0
It is B & C.
B: This actually installs the Certification Authority on the server.
C: Use this to install Group Policy Management COnsole on the server, so you can set up the autoenrollment policy.
0
0
I’ve tested in my lab setup and B&C suffices. Granted, the auto-enroll settings still need to be configured (adding a copy of a template) besides the two commands and a gpo needs to be configured as well but at least there is support for the option, as mentioned in the question.
0
0
Best short answer among these!
0
0
B and C seems to be correct…
The reason I think it is not E is that E is so that users can go to a portal to enrol for a certificate, this is not autoenroll as it requires user interaction.
Add the ADCS feature and install the CA service. You can install CA without the ADCS feature
0
0
This was supposed to say “you can’t install CA without the ADCS feature”
0
0
It’s B & C.
0
0
Install-WindowsFeature, Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.
So how can one use Add-WindowsFeature in 2012 R2?
0
0
by just typing it into the PowerShell console, dude! try it for yourself…
0
0
ANSWER: B and C
Here is the excerpt on how to install it: https://gyazo.com/8a379fd4c93569074ec81fe4873aabc9
Taken from this page: http://securebits.in/deploying-a-certificate-authority-in-server-2012-using-powershell/?ckattempt=1
People saying that “ADD-WindowsFeature” is a redundant command isn’t entirely true. Yes, this is the old command and the new command for 2012 is “Install-WindowsFeature” BUT the old command still remains as an alias for the new one, so it will still work.
http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/21/when-you-should-use-powershell-aliases.aspx
Also, it is probably a typo here.
0
0
Furthermore, took me 2 seconds to test in a lab…
Screenshot of the command running successfully: https://gyazo.com/ec352e500a6b1c6178555f9b2055a9a8
As you can see, when I input the “Add-WindowsFeature” command the server registered the command as if I had inputted “Install-WindowsFeature”
0
0
B & C
https://technet.microsoft.com/en-us/library/jj125375.aspx
To perform this procedure by using Windows PowerShell, open Windows PowerShell and type the following command, and then press ENTER. You must also replace the domain name with the name that you want to use.
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
After AD CS is installed, type the following command and press ENTER.
Install-AdcsCertificationAuthority –CAType EnterpriseRootCA
0
0
From Technet:
https://technet.microsoft.com/en-us/library/hh848389(v=wps.630).aspx
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority
To include the Certification Authority and Certificate Templates consoles in a CA installation, you must add -IncludeManagementTools to the end of the AddWindowsFeature Adcs-Cert-Authority command.
The way I read it, you have to import the cmdlet first by using Add-WindowsFeature, then you can set up using Install-ADCSCertifithingimajig
0
0
i just asked Hassan and the answer is B & C …
loool
0
0
where the fuck is hassan when u need him
1
0
I’m here boys hold your horses. I’m now a MCSE, so I approve the B&C answer what more do you need?
0
0
That guy is an imposter! I am the real Hassan……
tell the correct answer plzzz ????
1
0
I am Hassan, you two copied my nickname… mad…
0
0
Something tells me that soon we will see one more Hassan.
0
0