How can you configure Active Directory so that it supports autoenrollment of certificates?

The ABC.com network consists of a single Windows 2000 Active Directory Domain. All client
computers on the ABC.com network run Windows XP Professional.
To improve security within the network, you install Certificate Services on a Windows Server 2003
member server named ABC-CA1. You configure ABC-CA1 as the root certification authority (CA)
for the ABC.com domain.
You open Certificate Templates on ABC-CA1 and discover that you cannot configure certificate
templates for autoenrollment.
The Certificate Templates console is shown below.

How can you configure Active Directory so that it supports autoenrollment of certificates?

The ABC.com network consists of a single Windows 2000 Active Directory Domain. All client
computers on the ABC.com network run Windows XP Professional.
To improve security within the network, you install Certificate Services on a Windows Server 2003
member server named ABC-CA1. You configure ABC-CA1 as the root certification authority (CA)
for the ABC.com domain.
You open Certificate Templates on ABC-CA1 and discover that you cannot configure certificate
templates for autoenrollment.
The Certificate Templates console is shown below.

How can you configure Active Directory so that it supports autoenrollment of certificates?

A.
UABCrade the domain functional level to Windows 2000 Native mode.

B.
Execute the dcpromo command on ABC-CA1 to uABCrade it to a domain controller.

C.
Execute the adprep command with the /domainprep parameter on ABC-CA1 to update the
domain schema.

D.
Execute the adprep command with the /forestprep parameter on the schema operations master
in order to update the forest schema.

E.
Execute the adprep command with the /forestprep parameter on ABC-CA1 in order to update
the forest schema.

Explanation:
The autoenrollment feature has several infrastructure requirements. These include:
Windows Server 2003 schema and Group Policy updates
Windows 2000 or Windows Server 2003 domain controllers
Windows XP Client
Windows Server 2003, Enterprise Edition running as an Enterprise certificate authority (CA)
In this question, we have a Windows 2000 domain; therefore, we have Windows 2000 domain
controllers. The Enterprise CA is running on a Windows Server 2003 member server which will
work fine only if the forest schema is a Windows Server 2003 schema. We can update the forest
schema with the adprep /forestprep command.
Reference:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain
/certenrl.asp?frame=true
David Watts & Will Willis, Windows Server 2003 Active Directory Infrastructure Exam Cram 2
(Exam 70-294): Que Publishing, Indianapolis, 2004, Chapter 3



Leave a Reply 1

Your email address will not be published. Required fields are marked *


strona główna

strona główna

I absolutely love your blog and find a lot of your post’s to be what precisely I’m looking for. Would you offer guest writers to write content for you? I wouldn’t mind publishing a post or elaborating on many of the subjects you write about here. Again, awesome weblog!