PKIView shows DS entry content, not actual entries. If you see no entries in KRA tab in PKIView.msc and see entries in DS KRA container, this means that all records in Active Directory are empty. PKIView.msc looks only for content in userCertificates attribute of every record in this container. If you examine records in Sites and Services snap-in, you will find that userCertificates attribute is empty/not set. This means that you can safely remove these entries from Active Directory.
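A read-only way to run this check from PowerShell, added here as an example and not part of the original answer: it lists each object in the KRA container and reports whether its certificate attribute holds any value. It assumes the ActiveDirectory module (RSAT) is installed and queries the attribute under its LDAP name, userCertificate.

```powershell
# Added example: read-only audit of the KRA container. Nothing is modified or deleted.
# Assumes the ActiveDirectory module (RSAT) and read access to the Configuration partition.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$kraBase  = "CN=KRA,CN=Public Key Services,CN=Services,$configNC"

Get-ADObject -SearchBase $kraBase -SearchScope OneLevel -Filter * `
             -Properties userCertificate, whenChanged |
    ForEach-Object {
        $entry = $_
        $found = 0

        # userCertificate is multi-valued: each value is one DER-encoded certificate.
        foreach ($raw in $entry.userCertificate) {
            if (-not $raw) { continue }
            $found++
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
            [pscustomobject]@{
                Entry       = $entry.Name
                HasContent  = $true
                Subject     = $cert.Subject
                NotAfter    = $cert.NotAfter
                Thumbprint  = $cert.Thumbprint
                WhenChanged = $entry.whenChanged
            }
        }

        # Entries with no certificate value are the ones PKIView does not display.
        if ($found -eq 0) {
            [pscustomobject]@{
                Entry       = $entry.Name
                HasContent  = $false
                Subject     = $null
                NotAfter    = $null
                Thumbprint  = $null
                WhenChanged = $entry.whenChanged
            }
        }
    } | Sort-Object HasContent, Entry | Format-Table -AutoSize
```

Rows with HasContent set to False correspond to the empty records described above; rows with certificate details are the ones PKIView would list.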
Site and Service objects not identical to PKIview
Ming Cheung 421 Reputation points
I found that what ADSI shows is totally identical to what Sites and Services shows, but they are not identical to what PKIView -> Manage AD Containers shows.
In my company AD, I see KRA has 5 objects left, but Manage AD Containers shows nothing.
Thank you
Accepted answer
Vadims Podāns 9,131 Reputation points MVP
2021-10-13T09:21:04.95+00:00