Revoked Certificate in AD DS

Hi All,

Does anyone know why, when I revoke a Windows Server 2008 R2
certificate and publish a new CRL, the cert. still appears in the
user's 'Published Certificates' tab within ADUC?  Shouldn't the cert.
be removed from the user's object too?

Thanks All.
0
Orbital
11/16/2009 8:10:36 PM
windows.server.active_director

No.  There is no way to know where this exists from the server's point of 
view.  He just publishes a CRL and lets the clients manage from there.

-- 
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Orbital" <sian.clarke@gmail.com> wrote in message 
news:b8e3720b-216b-4836-8496-e63942c8253a@u20g2000vbq.googlegroups.com...
> Hi All,
>
> Does anyone know why, when I revoke a Windows Server 2008 R2
> certificate and publish a new CRL, the cert. still appears in the
> user's 'Published Certificates' tab within ADUC?  Shouldn't the cert.
> be removed from the user's object too?
>
> Thanks All. 


0
Paul
11/16/2009 9:46:19 PM
"Orbital" <sian.clarke@gmail.com> wrote in message 
news:b8e3720b-216b-4836-8496-e63942c8253a@u20g2000vbq.googlegroups.com...
> Hi All,
>
> Does anyone know why, when I revoke a Windows Server 2008 R2
> certificate and publish a new CRL, the cert. still appears in the
> user's 'Published Certificates' tab within ADUC?  Shouldn't the cert.
> be removed from the user's object too?
>
> Thanks All.


As Paul said, the client side handles that end of it. The server's job is to 
have a current CRL. The client should have moved the bad cert to its own 
revoked list. Are there any errors on the client or DCs? I assume DNS is 
pointed to your internal DCs only.

-- 
Ace

This posting is provided "AS-IS" with no warranties or guarantees and 
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among 
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check 
http://support.microsoft.com for regional support phone numbers.


0
Ace
11/16/2009 11:53:32 PM
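
The replies above describe revocation as something the relying client evaluates against the CRL, while the entry on the user object stays where it is. As an added example (not part of any post in this thread), the PowerShell function below reads a user's published certificates from the `userCertificate` attribute and runs the same client-side revocation check on each, so revoked certificates that are still published can be found. It assumes the ActiveDirectory (RSAT) module and PowerShell 3.0 or later; `Get-PublishedCertStatus` and the account name `jdoe` are hypothetical.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) module and
# PowerShell 3.0 or later; Get-PublishedCertStatus and 'jdoe' are hypothetical names.
Import-Module ActiveDirectory

function Get-PublishedCertStatus {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    $ns = 'System.Security.Cryptography.X509Certificates'

    # userCertificate holds the DER blobs shown on ADUC's 'Published Certificates' tab.
    $user = Get-ADUser -Identity $SamAccountName -Properties userCertificate

    foreach ($raw in $user.userCertificate) {
        $cert = New-Object "$ns.X509Certificate2" -ArgumentList (,([byte[]]$raw))

        # Validate the way a relying client does: build the chain and consult the CRL.
        # Windows caches a CRL until its NextUpdate, so a newly published CRL may not
        # be picked up by a client immediately.
        $chain = New-Object "$ns.X509Chain"
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EndCertificateOnly'
        $null  = $chain.Build($cert)
        $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

        $status = 'Not revoked'
        if ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
            $status = 'Unknown (no CRL reachable)'
        }
        if ($flags -contains 'Revoked') { $status = 'Revoked' }

        # One row per published certificate, whether or not it has been revoked.
        [pscustomobject]@{
            Subject    = $cert.Subject
            Serial     = $cert.SerialNumber
            NotAfter   = $cert.NotAfter
            Revocation = $status
        }
        $chain.Reset()
    }
}

Get-PublishedCertStatus -SamAccountName 'jdoe' | Format-Table -AutoSize
```

A row marked `Revoked` is a certificate that is still listed on the user object even though the CRL rejects it.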