Introduction
Learn about the Active Directory Certificate Services (AD CS) concepts and administration tasks, including types of certification authorities (CAs), the process of issuing and revoking certificates, and establishing certificate trusts.
Scenario
Contoso, Ltd. is a financial services company in Seattle with major offices located throughout the world. Most of its compute environment runs on-premises on Windows Server. This includes virtualized workloads on Windows Server 2016 hosts.
Contoso IT staff are migrating Contoso on-premises servers to Windows Server 2019. As part of the migration, Contoso plans to expand into additional sites and use virtualization to help expedite bringing a new site online. The company is also generating larger volumes of data with plans for even more data in the future. Because of this, the company needs flexible storage options. Finally, Contoso plans to increase the use of virtualization to optimize their computing environment because many physical servers are underutilized.
As part of its technology modernization initiative, Contoso plans to implement its internal public key infrastructure (PKI) by deploying AD CS. As a new Windows Server administrator, you are responsible for designing the certification authority hierarchy, implementing it, and managing the process of issuing and revoking certificates. You also need to ensure that appropriate certificate trusts are in place.
Learning objectives
After completing this module, you'll be able to:
- Identify the purpose of PKI and components of AD CS.
- Identify types of AD CS certification authorities and the process of implementing them.
- Manage certificate enrollment.
- Manage certificate revocation.
- Manage certificate trusts.
Prerequisites
To get the best learning experience from this module, you should have knowledge and experience of:
- Windows Server 2012 or Windows Server 2016.
- Core networking technologies.
- Active Directory Domain Services (AD DS).