3.1.4.1.1 EFS Certificate Enrollment Algorithm

This algorithm describes the process used to enroll for an EFS certificate, and is triggered by the higher-layer event described in section 3.1.4.1. In order for an EFS server to enroll for a certificate, the server MUST be a member of some Active Directory domain. The Lightweight Directory Access Protocol (LDAP) search and modify operations used by this algorithm are specified in sections 4.5 and 4.6 of [RFC2251]. Section 3.1.1.3 of [MS-ADTS] describes the profile of LDAP as implemented by the Active Directory domain controller (DC). All LDAP operations used in this algorithm are assumed to be performed against a DC located as described in [MS-ADOD] section 2.7.7.3.1.