Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto-enrollment of
certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution. Choose two.)
A.
Add-CAAuthoritylnformationAccess
B.
Install-AdcsCertificationAuthority
C.
Add-WindowsFeature
D.
Install-AdcsOnlineResponderE. Install-AdcsWebEnrollment
Explanation:
B:
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role
service. It can be used to install a root CA.
Example:
Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName “ContosoRootCA” –
KeyLength 2048 –HashAlgorithm SHA1–CryptoProviderName “RSA#Microsoft Software Key Storage Provider”
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the Certification
Authority Web Enrollment role service.
Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers
configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment
Web Services allows organizations to enable AD CS using a perimeter network. This allows users and
computers outside the corporate network to enroll for certificates.
Certificate Enrollment web service
Deploying AD CS Using Windows PowerShell
B,C
10
1
Quote: “heh
April 10, 2018 at 6:54 pm
B and C confirmed in lab.
Installed a server core installation of Server 2012 R2 and tried to do B first using the example in the explanation:
Install-AdcsCertificationAuthority –CAType StandaloneRootCA CACommonName “ContosoRootCA” –KeyLength 2048 –HashAlgorithm SHA1 -CryptoProviderName “RSA#Microsoft Software Key Storage Provider”
ALMOST IMMEDIATELY… it errored out stating that “Install-ADCSCer…” is not a valid command.
I then did “Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools” which succeeded without problem. so C is a must-have.
I then scrolled up through my history of commands back to the Install-ADCSCertificationAuthority rather than type it in again to ensure that I’m using the same exact command as I typed before. This time I got a syntax error in one of my switches, didn’t bother to check what. But this confirms that powershell in server core now recognizes this Install command after adding ACDS.
When I did just Install-ADCSCertificationAuthority without any switches, it then went to “questionnaire” mode.
B & C are confirmed from my lab test!”
0
0