本次想把原来安装在GUI上的DC和CA迁移到Server Core上:

首先在Server Core安装第二个DC:

安装第二个Domain Controller:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools


Install-ADDSDomainController -InstallDns -Credential (Get-Credential nip\gazh) -DomainName "nip.pub"

转移FSMO角色:

Get-ADForest -Identity nip.pub

Get-ADDomain -Identity nip.pub

Get-ADDomainController -Identity ni-dc01

Move-ADDirectoryServerOperationMasterRole -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster -Identity ni-dc01

Move-ADDirectoryServerOperationMasterRole -OperationMasterRole SchemaMaster,DomainNamingMaster -Identity ni-dc01

title=

1. 角色:

Active Directory Certificate Services AD-Certificate

Certification Authority ADCS-Cert-Authority

Certificate Enrollment Policy Web Service ADCS-Enroll-Web-Pol

Certificate Enrollment Web Service ADCS-Enroll-Web-Svc

Certification Authority Web Enrollment ADCS-Web-Enrollment

Network Device Enrollment Service ADCS-Device-Enrollment

Online Responder ADCS-Online-Cert

2. 安装CA:

Install-WindowsFeature AD-Certificate,ADCS-Cert-Authority,ADCS-Web-Enrollment

利用备份的CA安装新的企业RootCA:

Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CertFile C:\CABak\NIP-S-CA.p12 -CertFilePassword (read-host "Set user password" -assecurestring)

title=

配置Certification Authority Web Enrollment

Install-AdcsWebEnrollment

title=

导入注册表配置:

reg import c:\CABak\reg-bak1.reg

title=

打开CA 证书模板出错:Template information could not be loaded. Element not found.

title=

打开ADSI Edit:

title=

title=

title=

title=

title=

标签: Windows, Core, Web, CA, Certificate, Authority, ADCS, Enrollment

相关文章推荐

添加新评论,含*的栏目为必填