Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the autoenrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution. Choose two.)
A.
Add-CAAuthoritylnformationAccess
B.
Install-AdcsCertificationAuthority
C.
Add-WindowsFeature
D.
Install-AdcsOnlineResponder
E.
Install-AdcsWebEnrollment
Explanation:
B)
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS
CA role service. It can be used to install a root CA.
Example:
Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName “ContosoRootCA”
–KeyLength 2048 –HashAlgorithm SHA1 –CryptoProviderName “RSA#Microsoft Software Key
Storage Provider”
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the
Certification Authority Web Enrollment role service.Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client
computers configured for certificate auto-enrollment be connected directly to the corporate
network. Certificate Enrollment Web Services allows organizations to enable AD CS using a
perimeter network. This allows users and computers outside the corporate network to enroll for
certificates.
Certificate Enrollment web service
Deploying AD CS Using Windows PowerShell
Jobe says:
November 11, 2015 at 4:47 pm
It is B and C,
You cannot run Install-AdcsCertificationAuthority without the ADCS binaries installed – if you try you will recieve the following:
“install-adcscertificationauthority : The Certification Authority cannot be installed before the installation files are added. Add the role service through Server Manager or Add-WindowsFeature PowerShell cmdlet and then retry.”
So to point it out.:
1:add-windowsfeature ad-certificate
2:install-adcscertificationauthority
Enterprise CA supports auto enrollment – no need for web enrollment.
0
0
agree
It is B and C
0
0
It is B & C.
B: This actually installs the Certification Authority on the server.
C: Use this to install Group Policy Management COnsole on the server, so you can set up the autoenrollment policy.
Reply
0
0
Julian says:
December 24, 2015 at 4:27 pm
B & C
https://technet.microsoft.com/en-us/library/jj125375.aspx
To perform this procedure by using Windows PowerShell, open Windows PowerShell and type the following command, and then press ENTER. You must also replace the domain name with the name that you want to use.
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
After AD CS is installed, type the following command and press ENTER.
Install-AdcsCertificationAuthority –CAType EnterpriseRootCA
0
0