Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (Microsoft)
  • When: 7 Jun 2011 9:11 AM
  • Last revision by (eMicrosoft Partne)
  • When: 29 Apr 2013 4:56 PM
  • Revisions: 3
  • Comments: 2
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  AD CS: How to Obtain a List of Certificate Templates that are Superceding other Certificate Templates

AD CS: How to Obtain a List of Certificate Templates that are Superceding other Certificate Templates

AD CS: How to Obtain a List of Certificate Templates that are Superceding other Certificate Templates

Summary


In environments where there are many certificate templates in Active Directory, you may have the need to view which certificate templates are superseding others, and utilizing the Certificate Templates MMC console is not an efficient option. An example of when you might need this data would be if you are troubleshooting a certificate auto-enrollment issue, and you would like to quickly view all superseding settings in your Active Directory forest.

The following command will dump the superseding settings from Active Directory:


ldifde -f con -d "CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=your-forest-root-domain" -r "(msPKI-Supersede-Templates=*)" -p subtree -l distinguishedName,msPKI-Supersede-Templates


Be sure you replace your-forest-root-domain with the correct syntax for your AD forest root domain. Example: If the forest root domain is corp.contoso.com, the syntax would be:

DC=corp,DC=contoso,DC=com



More Information


If you are unsure of the name of your AD forest root domain, run the following command:

nltest /dsgetdc:your-domain-name

Where your-domain-name is the name of the domain you are currently logged into.


Sample nltest output:

nltest /dsgetdc:corp
           DC: \\CORP-DC02
      Address: \\192.168.1.45
     Dom Guid: 98c2e585-25e8-11d3-a5ea-00805f9f21f5
     Dom Name: CORP
  Forest Name: corp.contoso.com
 Dc Site Name: NA-NC
Our Site Name: NA-NC
        Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS
The command completed successfully
, , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 8 and 7 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 29 Apr 2013 4:56 PM

    Carsten Siemens edited Revision 1. Comment: fixed typos in text and tags,  but not in title; supercede ->supersede

Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 29 Apr 2013 4:56 PM

    Carsten Siemens edited Revision 1. Comment: fixed typos in text and tags,  but not in title; supercede ->supersede

  • Posted by
    on 2 May 2013 6:37 AM

    nice

Page 1 of 1 (2 items)