You implement a cross-forest enrollment between contoso.com and Fabricam.com
You receive version errors when you deploy updated certificates from the Contoso domain to the Fabricam domain.
You need to ensure that you can deploy the certificates to the fabricam.com domain.
What should you do?
A.
Run the following Windows PowerShell script:
DumpADObj.ps1 -ForestName fabricam.com
B.
Run the following Windows PowerShell script:
PKISync.ps1 -sourceforest contoso.com -targetforest fabricam.com -f
C.
Run the following Windows PowerShell script:
Get-CertificationAuthority contoso.com | Get-PendingRequest | Approve-CertificateRequest
D.
Run the following Windows PowerShell script:
Get-CertificationAuthority -Name contoso.com | Get-PolicyModuleFlag | Enable-PolicyModuleFlag
EnableOCSPRevNoCheck, DisableExtensionList -RestartCA
Explanation:
http://www.certifychat.com/70-414-a/347-ensure-deploy-certificates-fabricam-com-domain.htmlIn cross-forest Active Directory Certificate Services (AD CS) deployments, use DumpADObj.ps1 to troubleshoot
certificate enrollment or PKI object synchronization problems.
AD CS: DumpADObj.ps1 Script for Cross-forest Certificate Enrollment
https://technet.microsoft.com/en-us/library/ff961505(v=ws.10).aspx
B is correct. the -f parameter forces synchronization
In link below you can find more details to answer:
AD CS: Deploying Cross-forest Certificate Enrollment
https://technet.microsoft.com/en-us/library/ff955845%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
and
AD CS: PKISync.ps1 Script for Cross-forest Certificate Enrollment
https://technet.microsoft.com/en-us/library/ff961506%28v=ws.10%29.aspx