objectGUID for DC certificate

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I understand a Domain Controller certificate that is to be used for
replication requires the objectGUID corresponding to the DC.

1) How do I get the objectGUID of the DC? The output from
enumprop.exe and when I use ADSI Edit and examine the objectGUID for
the DC's entry is different.

2) What is the format of getting that objectGUID into the certificate?
It looks like I need to use otherName structure in the subjectAltName
certificate field. Do I include the hyphens in the string, etc...?

Thanks in advance for any help.
 
Guest

Are you asking how to programmatically do the certificate request for a
domain controller certificate?

If so, you may want to post this to the microsoft.public.security.crypto
newsgroup.
--

Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
"Valid Email" <validemail55@yahoo.com> wrote in message
news:8b4253.0411300813.44913851@posting.google.com...
>I understand a Domain Controller certificate that is to be used for
> replication requires the objectGUID corresponding to the DC.
>
> 1) How do I get the objectGUID of the DC? The output from
> enumprop.exe and when I use ADSI Edit and examine the objectGUID for
> the DC's entry is different.
>
> 2) What is the format of getting that objectGUID into the certificate?
> It looks like I need to use otherName structure in the subjectAltName
> certificate field. Do I include the hyphens in the string, etc...?
>
> Thanks in advance for any help.
 
Guest

What exactly are you trying to do? Maybe we can help you solve the
underlying problem rather than your specific questions. Also, any
background would be helpful -- Inter/intra site replication? Do you have a
CA? Is it in the same domain?

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Valid Email" <validemail55@yahoo.com> wrote in message
news:8b4253.0411300813.44913851@posting.google.com...
> I understand a Domain Controller certificate that is to be used for
> replication requires the objectGUID corresponding to the DC.
>
> 1) How do I get the objectGUID of the DC? The output from
> enumprop.exe and when I use ADSI Edit and examine the objectGUID for
> the DC's entry is different.
>
> 2) What is the format of getting that objectGUID into the certificate?
> It looks like I need to use otherName structure in the subjectAltName
> certificate field. Do I include the hyphens in the string, etc...?
>
> Thanks in advance for any help.
 
Guest

Not exactly. For various reasons I have my own code and CA and have
been able to issue the DC its own certificate that is usable for
multiple services (SmartCard Logon, SSL, etc...); however, I would
like the DC to use my certificate for AD replication and understand
that for this the DC certificate requires its objectGUID to appear in
the subjectAltName field in the form of OtherName. However, to do
this I need further information on the format of objectGUID.

Alternatively, if someone has a DC certificate that is used for AD
replication could they post it here (or email me) along with the
output of:

enumprop.exe /ATTR:objectGUID "LDAP://OU=Domain
Controllers,.....your.DN...."

From that I should be able to figure out what the format needs to be.

Thanks.


"Tim Springston [MSFT]" <tspring@online.microsoft.com> wrote
> Are you asking how to programmatically do the certificate request for a
> domain controller certificate?
>
> If so, you may want to post this to the microsoft.public.security.crypto
> newsgroup.
> --
>
> Tim Springston
> Microsoft Corporation
>
> "Valid Email" <validemail55@yahoo.com> wrote
> >I understand a Domain Controller certificate that is to be used for
> > replication requires the objectGUID corresponding to the DC.
> >
> > 1) How do I get the objectGUID of the DC? The output from
> > enumprop.exe and when I use ADSI Edit and examine the objectGUID for
> > the DC's entry is different.
> >
> > 2) What is the format of getting that objectGUID into the certificate?
> > It looks like I need to use otherName structure in the subjectAltName
> > certificate field. Do I include the hyphens in the string, etc...?
> >
> > Thanks in advance for any help.
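
An added example, not part of any post in this thread: it converts a hyphenated GUID string to the 16-byte form in which Active Directory stores objectGUID (the first three fields are byte-reversed) and DER-encodes those bytes as a subjectAltName otherName entry. It assumes the replication OID 1.3.6.1.4.1.311.25.1 with the raw directory bytes carried as an OCTET STRING; the sample GUID and all function names are constructed for illustration.

```python
import uuid

# Assumption: szOID_NTDS_REPLICATION, the otherName type used for the DC GUID.
NTDS_REPLICATION_OID = (1, 3, 6, 1, 4, 1, 311, 25, 1)
SAMPLE_GUID = "01234567-89ab-cdef-0123-456789abcdef"  # constructed sample value


def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value, using long-form length when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def der_oid(arcs) -> bytes:
    """Encode an OBJECT IDENTIFIER (base-128 arcs, first two arcs combined)."""
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def guid_to_directory_bytes(text: str) -> bytes:
    """Hyphenated (or braced) GUID string -> 16 bytes in directory byte order."""
    return uuid.UUID(text).bytes_le


def directory_bytes_to_guid(raw: bytes) -> str:
    """16 raw objectGUID bytes -> canonical hyphenated string."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def replication_other_name(guid_text: str) -> bytes:
    """GeneralName otherName [0] { type-id OID, value [0] EXPLICIT OCTET STRING }."""
    octets = der_tlv(0x04, guid_to_directory_bytes(guid_text))
    value = der_tlv(0xA0, octets)  # [0] EXPLICIT wrapper around the value
    return der_tlv(0xA0, der_oid(NTDS_REPLICATION_OID) + value)


if __name__ == "__main__":
    print("directory bytes:", guid_to_directory_bytes(SAMPLE_GUID).hex(" "))
    print("otherName DER  :", replication_other_name(SAMPLE_GUID).hex(" "))
```

Because the value is binary, no hyphens or braces appear in the certificate; only the 16 bytes do.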