Certificate Services Archives - Kevin Justin's Blog

ADCS 'gift' certificate - don't we all wish! — ADCS ‘gift’ certificate – don’t we all wish!

If only certificates were all gift certificates! The ‘ADCS Addendum packs’ disables noisy rules, adds OCSP seed, OCSP responder and OCSP group (classes). Recovery and service monitoring and nCipher event are the main highlights reducing alerts for ADCS 2012,2012R2,2016+. My thanks to Bob Williams CSA, for the assist!

Quick Download(s)

2012 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADCS2012QAddendum

2012R2 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADCS2012R2ADDENDUM/

2016+ https://github.com/theKevinJustin/ADCS2016-Addendum

Overview of addendum capabilities

Remember the why addendum packs for guiding purpose, transform!

The ADCS Addendum packs discover OCSP (seed class), and OCSP responder registry keys installed on monitored servers.

Group discovery tailors OCSP classes, for subscription or alert tuning.

OCSP server group can be used for subscription, or alert tuning (depending on class targets)

Monitors and service recoveries keep OCSP services monitored, and only alert when manual intervention is required.

OCSP service, certsvc monitors and service recovery automations built in

Tailoring the pack(s) to your environment

First, you must have at least ONE (1) set of ADCS Active Directory Certificate Services management packs so the ‘ADCS Addendum pack’ will load. The three versions currently supported have addendums, hopefully 2012,2012R2 are planned to be decommissioned in the short term.

Second, if you don’t have OCSP in your environment, download, and then import into your environment –

ELSE

Update the ‘OCSP Responder’ server name(s) for the group regular expressions.

In your favorite XML editor (mine is Notepad++), open the addendum pack(s), and find/replace for the following strings:

CAServer##

CERTIFICATESERVERS##

Save pack

Import and enjoy!

Documentation

ADCS 2016+ version agnostic pack download

ADCS 2012/2012R2 management packs download

Time to talk Certificates! — Certificate of Achievement

Hello again, it’s time to talk about ADCS – Active Directory Certificate Services Addendum!

First, I’d like to call out Bob Williams and Vance Cozier for their help and expertise!

SCOM-ADCS-Addendum download

Background

ADCS is Active Directory Certificate Services, or what we would know as a Certificate Authority. The goal was to improve the pack, because the focus is on how important certificates are to a modern enterprise. Let’s begin the Active Directory Certificate Services Addendum pack review.

Collaboration

In this paragraph, let’s talk through the Certificate Services packs for 2016+, and how we as Microsoft consultants, and field engineers, recommend changes to the pack. First, for some background, the collaboration process gets a better result improving Microsoft products. Second, the collaboration result can vary. Third, collaboration input can be based on customer input, or field engineer experience. Most importantly, this is how we ‘would have liked’ the pack to work.

AD Certificate Services Monitoring

The Certificate services pack alerts on events/services. Therefore, the pack does NOT monitor the SCEP URL. For instance, a transaction web monitor was added. The collaboration effort was focused on improving the ADCS pack, resulting in the creation of the Active Directory Certificate Services Addendum and customizations packs.

Tag: Certificate Services

ADCS Addendum packs