Cert Publisher’s

By |2017-12-01T15:09:36+00:00February 7th, 2012|Cloud|0 Comments

Recently I was implementing a new PKI on a customer’s site.

They had a single forest with 6 child domains, some of the domains dated back to 2000 and so the “Cert Publisher’s” group was defined as a Global Group.
We need to add the computer account of the issuing CA’s to the Cert Publisher’s group in each child domain and so need the group to be a “domain local” group scope.
I used the following script to complete this as it is not possible to change within the gui of “Active Directory Users and Computers”

Set grp = GetObject(“LDAP://CN=Cert Publishers,CN=Users,DC=sub,DC=example,DC=com”)
grp.Put “groupType”,”-2147483640″
grp.SetInfo
grp.Put “groupType”,”-2147483644″
grp.SetInfo
Changing the DC=sub for each domain

Save the above in a .vbs file and run within an elevated command prompt.

Regards,
RichardK

Leave A Comment

like what you see? 

Sign-up to our newsletter and never miss out on the latest blogs, events and tech news from the world of risual
SUBSCRIBE!
Give it a try, you can unsubscribe anytime.