You are a network administrator for your company. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional. The company’s written security policy states that all e-mail messages must be electronically signed when sent to other employees.
You decide to deploy Certificate Services and automatically enroll users for e-mail authentication certificates. You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA).
You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificate templates for autoenrollment.
The Certificate Templates administration tool is shown in the exhibit.
You need to configure Active Directory to support autoenrollment of certificates.
What should you do?
Exhibit:
A. Run the adprep /forestprep command on the schema operations master.
B. Run the adprep /domainprep command on a Windows 2000 Server domain controller that is in the same domain as the enterprise subordinate CA.
C. Place the enterprise subordinate CA’s computer account in the Cert Publishers Domain Local group.
D. Install Active Directory on the Windows Server 2003 member server that is functioning as the enterprise subordinate CA. Configure this server as an additional domain controller in the Windows 2000 Active Directory domain.
Explanation:
The autoenrollment feature has several infrastructure requirements. These include:
Windows Server 2003 schema and Group Policy updates
Windows 2000 or Windows Server 2003 domain controllers
Windows XP Client
Windows Server 2003, Enterprise Edition running as an Enterprise certificate authority (CA)
In this question, we have a Windows 2000 domain; therefore, we have Windows 2000 domain controllers. The Enterprise CA is running on a Windows Server 2003 member server which will work fine only if the forest schema is a Windows Server 2003 schema. We can update the forest schema with the adprep /forestprep command.
Reference:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain/certenrl.asp?frame=true
David Watts & Will Willis, Windows Server 2003 Active Directory Infrastructure Exam Cram 2 (Exam 70-294): Que Publishing, Indianapolis, 2004, Chapter 3