Month: September 2019

Setup Server 2019 Enterprise CA 5/5: Deploy Policy Templates

Previous: Setup Group Policy. After setting up an Enterprise CA, some certificate policies are available without additional configuration. In this post I will demonstrate how to add a certificate template and publish it. Deploy Policy Templates: 1. On the Subordinate CA, start the “Certification Authority” and select “Certificate Templates”. In the right pane all […]

Setup Server 2019 Enterprise CA 4/5: Setup Group Policy

Previous: Subordinate CA. The CA servers are now configured. Now the domain computers/servers need to trust the certificates which are created by the Subordinate Server. This is done by adding the Root CA certificate to the “Trusted Root Certification Authorities” store. The certificate can be added in multiple ways, but the easiest way is […]

Setup Server 2019 Enterprise CA 3/5: Subordinate CA

Previous: Offline Root CA. With the Offline Root CA completed, we can now set up the Subordinate CA server. This server is authorized by the Root CA to issue the certificates. During the setup the CA role will be added and configured. The server will also be authorized by the Root CA. The Subordinate […]

Setup Server 2019 Enterprise CA 2/5: Offline Root CA

Previous: Overview. The setup will start with the Offline Root CA server. This server will only be used to authorize the Subordinate Server; after that it will be turned off and only turned on to renew the Certificate Revocation List (CRL) and Subordinate CA certificate. The offline CA server is the OFFENT-CA01 and is […]

Setup Server 2019 Enterprise CA 1/5: Overview

In this tutorial we’re going to configure a Two-Tier Enterprise PKI with Microsoft Server 2019. The advantage of a Two-Tier Enterprise PKI hierarchy is that clients only trust the Root CA, so if a Subordinate server gets compromised the Root CA does not have to be replaced. During normal operation the Root CA will be […]

How to make a synced W10 Hybrid Azure AD device Intune managed

Normally, when you join a device to Azure AD and automatic Windows enrollment has been configured, the device is automatically enrolled in Intune at the moment it is added to Azure Active Directory. This does not happen when a device is synced from Active Directory to Azure AD; then […]

How to recreate the AZUREADSSOACC account

To recreate the Azure Active Directory Seamless Single Sign-On (AzureADSSOACC) account, follow these steps: 1. Log in on the server where the Azure AD Connector is installed. 2. Start PowerShell as administrator and go to the following path: c:\program files\Microsoft Azure Active Directory Connect 3. Import the AzureADSSO module: import-module .\AzureADSSO.psd1 […]