Which two cmdlets should you run?

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs a Server Core installation of Windows Server
2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the autoenrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs a Server Core installation of Windows Server
2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the autoenrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution.
Choose two.)

A.
Add-CAAuthoritylnformationAccess

B.
Install-AdcsCertificationAuthority

C.
Add-WindowsFeature

D.
Install-AdcsOnlineResponder

E.
Install-AdcsWebEnrollment

Explanation:
* The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the
AD CS CA role service.
*The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the
Certification Authority Web Enrollment role service.

Show Hint

Leave a Reply 43

Your email address will not be published. Required fields are marked *

Sam

Sam

I think it’s B and C

https://4sysops.com/archives/certificate-server-in-server-core/

You can install the Active Directory Certificate Services role by running the following PowerShell one-liner (start off by typing PowerShell first, to get the PowerShell prompt):
Install-WindowsFeature AD-Certificate

By default, when you run the Install-AdcsCertificationAuthority cmdlet, it will configure an Enterprise Root CA with a Common Name based on the Domain and Hostname of your Server Core installation and appended with -CA. :
Install-AdcsCertificationAuthority -CAType StandaloneRootCa -ValidityPeriod Years -ValidityPeriodUnits 10 -DatabaseDirectory “D:\ADCS” -LogDirectory “D:\ADCS”

Reply

Tyson

Tyson

(From that same link you provided) Enterprise Certification Authority:

To configure a CA for a smaller environment, you might simply use the following PowerShell command: Install-AdcsCertificationAuthority

Since most of the settings for a default CA look to be well-suited for small- to medium-sized businesses, I consider it a best practice to use them in this case. Answer y to accept them

Reply

Jobe

Jobe

It is B and C,

You cannot run Install-AdcsCertificationAuthority without the ADCS binaries installed – if you try you will recieve the following:

“install-adcscertificationauthority : The Certification Authority cannot be installed before the installation files are added. Add the role service through Server Manager or Add-WindowsFeature PowerShell cmdlet and then retry.”

So to point it out.:

1:add-windowsfeature ad-certificate
2:install-adcscertificationauthority

Enterprise CA supports auto enrollment – no need for web enrollment.

Reply

Tinh

Tinh

Verified. You are right

Reply

PPGrillo

PPGrillo

The Add-WindowsFeature cmdlet has been replaced, starting with Windows Server 2012, by the Install-WindowsFeature cmdlet. For more information about Install-WindowsFeature in Windows Server 2012, see Install-WindowsFeature. For more information about Install-WindowsFeature in Windows Server 2012 R2, see Install-WindowsFeature.

Reply

Puck

Puck

But it is still an Alias of the new command, is it not? So it will do the same thing.

Feel free to correct me as I may be wrong.

Reply

Ashfaq Ahamed

Ashfaq Ahamed

So has answers to be “B” & “E”?

Reply

eric chung

eric chung

It seems B and C.
You must install the CA role before you run Install-AdcsCertificationAuthority.

http://technet.microsoft.com/en-us/library/hh848389.aspx

“Detailed Description
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.

You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority”

Reply

Tyson

Tyson

Yes, but Add-WindowsFeature being replaced with Install-WindowsFeature, this is still not an option presented.

B & E still the valid Answer imo.

Reply

mahmoud zakaria

mahmoud zakaria

how did you know tyson B E still valid?

Reply

Guy

Guy

If I remember well Add-WindowsFeature did show up on my 70-410 and 70-411 exams a few weeks ago as a correct answer.

I’m with Eric on this question: B & C

Reply

ebrahimkali

ebrahimkali

Add-WindowsFeature is still valid in Windows Server 2012

Tested

https://www.dropbox.com/s/dtrrdjh1d87ra86/Add-WindowsFeature.jpg?dl=0

Reply

B-Art

B-Art

http://blogs.technet.com/b/yungchou/archive/2014/01/08/windows_2d00_server_2d00_2012_2d00_r2_2d00_installation_2d00_options_2d00_and_2d00_features_2d00_on_2d00_demand_2d00_part_2d00_3_2d00_of_2d00_5.aspx

Notice that Install-WindowsFeature and Uninstall-WindowsFeature replace Add-WindowsFeature and Remove-WindowsFeature, respectively. The latter two cmdlets were used to install features in Windows Server 2008 R2 and are now as ALIASES(!)

Reply

Puck

Puck

I believe Aliases are just “another name” for the same command.

If you input an alias of a command, such as “Add-WindowsFeature” I believe the command will run as if you typed in the new “Install-WindowsFeature” command.

Saw it in a video when I was studying for 410.

Ricky

Ricky

Correct.

This is trivial knowledge. No offense but I really wonder how some of you even passed 410 and 411. You shouldn’t be asking simple questions such as this at this stage.

Mosad

Mosad

he Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority
To include the Certification Authority and Certificate Templates consoles in a CA installation, you must add -IncludeManagementTools to the end of the AddWindowsFeature Adcs-Cert-Authority command.

Reply

Mosad

Mosad

The CA must support the auto-enrollment , not WebEnrollment
i think it should be C&B

Reply

Mostafa Ahmed Mohamed Salama

Mostafa Ahmed Mohamed Salama

Plz Help me with the correct answer because hassan didn’t ask 🙂

Reply

Jman

Jman

Haha Mostafa good one. :’D

Reply

bigfly

bigfly

I too thought its B & C you will be a least 50% right here..add feature is not gone so it is still in use on server 2012 r2.

.

Reply

Lostineurope

Lostineurope

Applies To: Windows Server 2012
You can use this procedure to install Active Directory® Certificate Services (AD CS) so that you can enroll a server certificate to servers running Network Policy Server (NPS), Routing and Remote Access Service (RRAS), or both.

To perform this procedure by using Windows PowerShell, open Windows PowerShell and type the following
command, and then press ENTER. You must also replace the domain name with the name that you want to use.

C. Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools

After AD CS is installed, type the following command and press ENTER.

B. Install-AdcsCertificationAuthority –CAType EnterpriseRootCA

——————-
I read, but can not find, that AutoEnrollment does not need to be configured in 2012.

Reply

MC

MC

I agree with you, the answer is B & C

Reply

Billy

Billy

It is B & C.

B: This actually installs the Certification Authority on the server.
C: Use this to install Group Policy Management COnsole on the server, so you can set up the autoenrollment policy.

Reply

someone

someone

I’ve tested in my lab setup and B&C suffices. Granted, the auto-enroll settings still need to be configured (adding a copy of a template) besides the two commands and a gpo needs to be configured as well but at least there is support for the option, as mentioned in the question.

Reply

B-Art

B-Art

Best short answer among these!

Reply

Joe

Joe

B and C seems to be correct…

The reason I think it is not E is that E is so that users can go to a portal to enrol for a certificate, this is not autoenroll as it requires user interaction.

Add the ADCS feature and install the CA service. You can install CA without the ADCS feature

Reply

Joe

Joe

This was supposed to say “you can’t install CA without the ADCS feature”

Reply

David S

David S

It’s B & C.

Reply

snfonseka

snfonseka

Install-WindowsFeature, Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.

So how can one use Add-WindowsFeature in 2012 R2?

Reply

den

den

by just typing it into the PowerShell console, dude! try it for yourself…

Reply

Puck

Puck

ANSWER: B and C

Here is the excerpt on how to install it: https://gyazo.com/8a379fd4c93569074ec81fe4873aabc9

Taken from this page: http://securebits.in/deploying-a-certificate-authority-in-server-2012-using-powershell/?ckattempt=1

People saying that “ADD-WindowsFeature” is a redundant command isn’t entirely true. Yes, this is the old command and the new command for 2012 is “Install-WindowsFeature” BUT the old command still remains as an alias for the new one, so it will still work.

http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/21/when-you-should-use-powershell-aliases.aspx

Also, it is probably a typo here.

Reply

Puck

Puck

Furthermore, took me 2 seconds to test in a lab…

Screenshot of the command running successfully: https://gyazo.com/ec352e500a6b1c6178555f9b2055a9a8

As you can see, when I input the “Add-WindowsFeature” command the server registered the command as if I had inputted “Install-WindowsFeature”

Reply

Julian

Julian

B & C
https://technet.microsoft.com/en-us/library/jj125375.aspx

To perform this procedure by using Windows PowerShell, open Windows PowerShell and type the following command, and then press ENTER. You must also replace the domain name with the name that you want to use.

Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools

After AD CS is installed, type the following command and press ENTER.

Install-AdcsCertificationAuthority –CAType EnterpriseRootCA

Reply

Digixorcist

Digixorcist

From Technet:

https://technet.microsoft.com/en-us/library/hh848389(v=wps.630).aspx

The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority
To include the Certification Authority and Certificate Templates consoles in a CA installation, you must add -IncludeManagementTools to the end of the AddWindowsFeature Adcs-Cert-Authority command.

The way I read it, you have to import the cmdlet first by using Add-WindowsFeature, then you can set up using Install-ADCSCertifithingimajig

Reply

Sam

Sam

i just asked Hassan and the answer is B & C …
loool

Reply

kurt

kurt

where the fuck is hassan when u need him

Reply

Hassan

Hassan

I’m here boys hold your horses. I’m now a MCSE, so I approve the B&C answer what more do you need?

Reply

Hassan

Hassan

That guy is an imposter! I am the real Hassan……

tell the correct answer plzzz ????

Reply

Hassan

Hassan

I am Hassan, you two copied my nickname… mad…

Reply

BlinTUZ

BlinTUZ

Something tells me that soon we will see one more Hassan.

Reply