Trusted root certificates not synchronizing between DCs

Tutek 716 Reputation points


I just promoted a new Server 2022 machine to the current domain as a new domain controller, and I see that users, computers and GPOs synchronized.

PolicyDefinitions are auto-created in the SYSVOL folder as the central store, so everything is good.

But one GPO has a setting to apply one trusted root certificate to all domain computers. When I open certlm.msc and go to this folder, I don't see that this cert was synchronized on the new DC. On the old DC this cert is visible, but not on the new DC.

I have no errors in sync:

PS C:\Users\Administrator.domain> Repadmin /replsummary
Replication Summary Start Time: 2023-03-07 08:42:17

Beginning data collection for replication summary, this may take awhile:

Source DSA          largest delta    fails/total %%   error
 UKS0001                   17m:51s    0 /   5    0
 UKS01                     07m:23s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error
 UKS0001                   07m:23s    0 /   5    0
 UKS01                     17m:51s    0 /   5    0


1 answer

  1. Thameur-BOURBITA 32,596 Reputation points

    Hi @Tutek

    Try to force the GPO by running the following command:

    gpupdate /force

    Then you can check whether the GPO setting for the root certificate is well configured in the GPO report by running the following command:

    gpresult /H c:\temp\gporeport.html

    Please don't forget to mark the helpful answer as accepted.
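
The two commands from the answer, combined with a check of where the certificate should appear afterwards. This is an added example, not part of the original thread: the script name `Test-GpoRootCert.ps1` and its parameters are hypothetical, and the thumbprint must be copied from the certificate as shown on the old DC. Run it from an elevated PowerShell session on the new DC.

```powershell
# Test-GpoRootCert.ps1 (hypothetical name; added example, not from the thread)
param(
    # Thumbprint of the root certificate, copied from certlm.msc on the old DC.
    [Parameter(Mandatory)] [string]$Thumbprint,
    # Same report path as in the answer above.
    [string]$ReportPath = 'C:\temp\gporeport.html'
)

# Values copied from the certificate dialog often carry spaces or hidden
# characters; keep only the hex digits.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Re-apply computer policy, then write the HTML report (/F overwrites an old one).
gpupdate /target:computer /force | Out-Null
$reportDir = Split-Path -Parent $ReportPath
if (-not (Test-Path $reportDir)) {
    New-Item -ItemType Directory -Path $reportDir | Out-Null
}
gpresult /H $ReportPath /F | Out-Null

# Certificates distributed by Group Policy are written to the Policies hive,
# one subkey per thumbprint.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
$inPolicyHive = Test-Path (Join-Path $policyKey $Thumbprint)

# The store that certlm.msc shows as "Trusted Root Certification Authorities".
$inRootStore = Test-Path "Cert:\LocalMachine\Root\$Thumbprint"

$hint = if ($inRootStore -and $inPolicyHive) {
    'Certificate was delivered by Group Policy.'
} elseif ($inRootStore) {
    'Certificate is trusted, but it was not placed there by Group Policy.'
} else {
    'Not delivered: check in the report whether the GPO is listed as applied or denied for this computer.'
}

[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    Thumbprint   = $Thumbprint
    InPolicyHive = $inPolicyHive
    InRootStore  = $inRootStore
    Report       = $ReportPath
    Hint         = $hint
}
```

Running the same script on the old DC gives a baseline to compare against.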