Locate a Certificate Authority in your Active Directory environment

Here is a quick command how to find a Certificate Authority in Active Directory.  This is helpful if you have many domain controllers and are not sure where the Certificate Services role is installed on.

Windows Server 2008 R2 / 2012 R2
Here is what shows up if you have NOT configured a “Certificate Authority” in your domain

C:\>certutil -config – -ping
No active Certification Authorities found: No more data is available. 0x80070103
(WIN32/HTTP: 259)
CertUtil: No more data is available.

Windows Server 2012 R2
Here is another way to find out but this command only works on 2012

C:\Users\Administrator> certutil
Entry 0: (Local)
Name: `mylab-DC-CA’
Organizational Unit: `’
Organization: `’
Locality: `’
State: `’
Country/region: `’
Config: `DC.mylab.local\mylab-DC-CA’
Exchange Certificate: `’
Signature Certificate: `DC.mylab.local_mylab-DC-CA.crt’
Description: `’
Server: `DC.mylab.local’
Authority: `mylab-DC-CA’
Sanitized Name: `mylab-DC-CA’
Short Name: `mylab-DC-CA’
Sanitized Short Name: `mylab-DC-CA’
Flags: `13′
Web Enrollment Servers:
1
2
0
https://dc.mylab.local/mylab-DC-CA_CES_Kerberos/service.svc/CES
0
CertUtil: -dump command completed successfully.

This entry was posted in Microsoft and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *