Renew Exchange Enrollment Agent (Offline)

Ming Cheung 401 Reputation points
2021-12-01T04:32:54.377+00:00

i have to renew CEP and Exchange Agent, CEP is eailer, but Exhcnage agent i have some hesitation,
my company have 1 standalone Root CA, 2 Enterprise CA, 2 NDES respectively
i read articles

use GUI
https://www.sysadmins.lv/retired-msft-blogs/xdot509/steps-for-renewing-ndes-service-certificates.aspx

  1. does step 10 enroll the cert at EntCA? and step 23 import to NDES server?
  2. which permission or group is better for do this process?

use command and renew
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/renewal-of-enrollment-agent-certificate-fail

  1. does this one also run at EntCA and import to NDES server?
  2. need to change private key permission to IIS service acount?

use command and new one
https://msendpointmgr.com/2020/06/15/how-to-renew-ndes-service-certificates-for-usage-with-microsoft-intune/

  1. at topic Renew expired Enrollment agent certificate, would this better than the renew above?
  2. also run at EntCA and import to NDES?
  3. need to change private key permission to IIS service acount?

any document define all accounts/groups about CA?

sorry i have many questions

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,924 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,348 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ming Cheung 401 Reputation points
    2021-12-20T09:21:37.973+00:00

    Please cancel the question