Showing posts from October, 2018

Delegated Installation for an Enterprise Certification Authority with PowerShell

By default, to install an enterprise certification authority (CA), you must be a member of the Enterprise Admins group, or Domain Admins for the root domain. By running the scripts in this topic, you can delegate control to an administrator who doesn’t have these high-privilege permissions.
Use the following procedure to prepare a forest so that a low-privilege administrator can install and configure an enterprise CA.
Grant-ADPermission -GroupDistinguishedName 'CN=PKIAdmins,OU=Groups,OU=Coremans,DC=coremans,DC=internal' -AdRights GenericAll -AccessControlType Allow -Inheritance SelfAndChildren -ObjectType "AllProperties" -InheritedObjectType AllObjects -AdObjectDN 'CN=Public Key Services,CN=Services,CN=Configuration,DC=coremans,DC=internal' -Verbose
Grant-ADPermission -GroupDistinguishedName 'CN=PKIAdmins,OU=Groups,OU=Coremans,DC=coremans,D…
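
To check the result of this delegation, the following added example (not part of the original post) lists every principal holding control-level rights on the Public Key Services container and marks which entries belong to the PKIAdmins group. It assumes the ActiveDirectory module (RSAT) is installed and reuses the two distinguished names from the commands above; the variable names and the report columns are illustrative.

```powershell
# Added example: audit control-level ACEs on the Public Key Services container.
# Assumption: ActiveDirectory module (RSAT) available; DNs copied from the post.
Import-Module ActiveDirectory

$containerDN = 'CN=Public Key Services,CN=Services,CN=Configuration,DC=coremans,DC=internal'
$groupDN     = 'CN=PKIAdmins,OU=Groups,OU=Coremans,DC=coremans,DC=internal'

# Compare by SID so the match does not depend on how a name is rendered.
$groupSid = (Get-ADGroup -Identity $groupDN).SID

# Read the DACL, explicit and inherited entries, with identities returned as SIDs.
$acl   = Get-Acl -Path "AD:\$containerDN"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# WriteDacl and WriteOwner are both contained in GenericAll, so this mask
# catches GenericAll as well as the narrower "can change permissions" rights.
$mask = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteDacl -bor
        [int][System.DirectoryServices.ActiveDirectoryRights]::WriteOwner

$report = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.ActiveDirectoryRights -band $mask) -eq 0) { continue }

    # Orphaned SIDs cannot be translated; keep them visible in the report.
    $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { '<unresolved>' }

    [pscustomobject]@{
        Principal   = $name
        Sid         = $ace.IdentityReference.Value
        Rights      = $ace.ActiveDirectoryRights
        Inheritance = $ace.InheritanceType
        Inherited   = $ace.IsInherited
        IsPkiAdmins = ($ace.IdentityReference.Value -eq $groupSid.Value)
    }
}

$report | Sort-Object IsPkiAdmins, Principal | Format-Table -AutoSize

if (-not ($report | Where-Object IsPkiAdmins)) {
    Write-Warning "No control-level ACE for $groupDN found on $containerDN"
}
```

Rows where `IsPkiAdmins` is false are the principals to review: after the delegation, the expected holders are the built-in administrative groups plus PKIAdmins.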