question

51892182 avatar image
0 Votes"
51892182 asked 51892182 commented

Site and Service objects not identical to PKIview

i found that what ADSI shows is totally identical to what Site and Service shows,

but they are not identical to what PKIview -> manager AD containers shows

in my company AD, i see KRA have 5 objects left, but manager AD containers shows nothing

thank you
139589-image.png


139692-image.png


windows-active-directorywindows-server-security
image.png (54.5 KiB)
image.png (9.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Crypt32 avatar image
0 Votes"
Crypt32 answered 51892182 commented

PKIView shows DS entry content, not actual entries. If you see no entries in KRA tab in PKIView.msc and see entries in DS KRA container, this means that all records in Active Directory are empty. PKIView.msc looks only for content in userCertificates attribute of every record in this container. If you examine records in Sites and Services snap-in, you will find that userCertificates attribute is empty/not set. This means that you can safely remove these entries from Active Directory.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you Crypt32

0 Votes 0 ·