![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 43%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
5,899 questions
PKIView shows DS entry content, not actual entries. If you see no entries in KRA tab in PKIView.msc and see entries in DS KRA container, this means that all records in Active Directory are empty. PKIView.msc looks only for content in userCertificates attribute of every record in this container. If you examine records in Sites and Services snap-in, you will find that userCertificates attribute is empty/not set. This means that you can safely remove these entries from Active Directory.