在Windows Server Core 2019 安装CA
作者:互联网
本次想把原来安装在GUI上的DC和CA迁移到Server Core上:
首先在Server Core安装第二个DC:
安装第二个Domain Controller:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -InstallDns -Credential (Get-Credential nip\gazh) -DomainName "nip.pub"
转移FSMO角色:
Get-ADForest -Identity nip.pub
Get-ADDomain -Identity nip.pub
Get-ADDomainController -Identity ni-dc01
Move-ADDirectoryServerOperationMasterRole -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster -Identity ni-dc01
Move-ADDirectoryServerOperationMasterRole -OperationMasterRole SchemaMaster,DomainNamingMaster -Identity ni-dc01
1. 角色:
Active Directory Certificate Services AD-Certificate
Certification Authority ADCS-Cert-Authority
Certificate Enrollment Policy Web Service ADCS-Enroll-Web-Pol
Certificate Enrollment Web Service ADCS-Enroll-Web-Svc
Certification Authority Web Enrollment ADCS-Web-Enrollment
Network Device Enrollment Service ADCS-Device-Enrollment
Online Responder ADCS-Online-Cert
2. 安装CA:
Install-WindowsFeature AD-Certificate,ADCS-Cert-Authority,ADCS-Web-Enrollment
利用备份的CA安装新的企业RootCA:
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CertFile C:\CABak\NIP-S-CA.p12 -CertFilePassword (read-host "Set user password" -assecurestring)
配置Certification Authority Web Enrollment
Install-AdcsWebEnrollment
导入注册表配置:
reg import c:\CABak\reg-bak1.reg
打开CA 证书模板出错:Template information could not be loaded. Element not found.
打开ADSI Edit:
标签:Core,Certificate,Web,Windows,CA,Authority,ADCS,Enrollment 来源: https://blog.51cto.com/ganzy/2690769