Configuring and Troubleshooting Identity and Access Solutions With Windows Server® 2008 Active Directory®
• Maintaining AD LDS
• Maintaining AD FS
• Maintaining AD RMS
Lesson 1: Supporting AD CS
• Common AD CS Maintenance Tasks
Renewing CA certificate
Certificate Manager (Issue and Manage Certificates): Allows approving of certificate enrollment and revocation requests. This is a CA role, also called CA officer.
Backup Operator (Back up file and directories; Restore file and directories): Allows performing of system backup and recovery. Backup is an operating system feature.
Enrollees (Read; Enroll): Allows requesting of certificates from a CA. This is not a CA role. Enrollees are authorized clients for this purpose.
Tools Used to Maintain AD CS
Server Manager
Certutil.exe
Certification Authority snap-in
Certificate Templates snap-in
Enterprise PKI snap-in
Configuration of CA Event Auditing
• Backing Up AD LDS
Stop the AD LDS instance for which the data will be restored.
Use the backup program to restore the instance and overwrite existing files.
Restart the AD LDS instance.
Consider the following when restoring data to a new AD LDS instance that does not belong to a configuration set:
Create a new instance specifying the same settings used during the original AD LDS installation, without creating an application partition.
Stop the newly created AD LDS instance.
Use the backup program to restore the instance and overwrite existing files.
Restart the AD LDS instance.
Performing an Authoritative Restore of Data on an AD LDS Instance
AD LDS
Back Up Program
dsdbutil
• Monitoring AD FS Events
• Backing Up AD FS Components
AD FS Maintenance Tasks
Managing Server Authorization and Token Certificates
Monitoring and Analyzing Event Log Levels
Backing up AD FS Components
[Diagram: Manufacturer, Supplier, Account Partner, Resource Partner, AD FS]
Monitoring AD FS Events
AD FS Trust Policy Event Log levels can be configured to provide the following information:
• Decommissioning AD RMS
AD RMS Maintenance Tasks
• To verify:
Requestor identification
Time of making
Source IP address
RMS server identification that handled the request
Success of request
Viewing AD RMS Reports
• Exercise 3: Backing up a CA
Logon information