1,923 questions
The simple answer is "no". Only CA role is registered in AD, thus CAs support auto-discovery. Other ADCS roles are not registered and doesn't support auto-discovery.
Locate servers with Certificate Authority Web Enrollment and Certificate Enrollment Web Service roles
Mishaua
741
Reputation points
Is there a command to see servers with Certificate Authority Web Enrollment and/or Certificate Enrollment Web Service roles? I see that certutil.exe has a "Web Enrollment Servers" section is that where servers with the "Certificate Enrollment Web Service" should be listed? How about "Certificate Authority Web Enrollment"?
Windows for business | Windows Server | Devices and deployment | Configure application groups
2 answers
Sort by: Most helpful
-
-
Mishaua 741 Reputation points
2022-10-20T19:39:46.217+00:00 I guess you could query ad for computers that have delegation enabled on the computer object to narrow down the roles. What roles besides "Certificate Authority Web Enrollment" require the computer account to have delegation enabled?
-
Vadims Podāns 9,186 Reputation points MVP2022-10-21T07:10:57.267+00:00 This is the least reliable lookup option. ADCS web services apps often use service accounts with configured delegation. In addition, web services not always require delegation at all.
Sign in to comment -