You need to ensure that you can issue certificates based on certificate templates

Your network contains an Active Directory domain named contoso.com. The network contains two
servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured
as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can issue certificates based on certificate templates.
What should you do?

Your network contains an Active Directory domain named contoso.com. The network contains two
servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured
as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can issue certificates based on certificate templates.
What should you do?

A.
On Server1, install the Network Device Enrollment Service role service.

B.
Configure Server2 as a standalone subordinate CA.

C.
On Server1, uninstall, and then reinstall AD CS.

D.
On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.

Explanation:

In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted
Offline RootCAs in a CA hierarchy or when extranets and the Internet are involved. In a stand-alone
CA Certificatetemplates are not used. An enterprise CA uses certificate types, which are based on a
certificate template

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

FSM

FSM

In the absence of “On Server1, uninstall, and then reinstall AD CS”, the answer is “Configure Server2 as an Enterprise subordinate CA”.

Reply