What should you do?

You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates.

You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory.

What should you do?

You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates.

You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory.

What should you do?

A.
Configure user certificate autoenrollment for all domain user accounts in the contoso.com domain.

B.
Add Server1 to the Cert Publishers group in the contoso.com domain.

C.
Configure user certificate autoenrollment for all domain user accounts in the child2.contoso.com domain.

D.
Add Server1 to the Cert Publishers group in the child2.contoso.com domain.

Explanation:
The problem here is that ServerSrvC does not have the necessary permission to publish certificates for users in child2.Server.com. We can solve this problem by adding ServerSrvC to the Cert Publisher group in the child2.Server.com domain.

Reference:

http://support.microsoft.com/default.aspx?scid=kb;en-us;219059

David Watts & Will Willis, Windows Server 2003 Active Directory Infrastructure Exam Cram 2 (Exam 70-294): Que Publishing, Indianapolis, 2004, Chapter 3



Leave a Reply 0

Your email address will not be published. Required fields are marked *