Share via

Best Practices Analyzer for Active Directory Certificate Services: Configuration

Applies To: Windows Server 2008 R2, Windows Server 2012

The topics in this section can help you bring Active Directory Certificate Services (AD CS) into compliance with configuration best practices. Content in this section is most valuable to administrators who have completed a Best Practices Analyzer scan of AD CS and who want information about how to interpret and resolve scan results that identify areas of AD CS that are noncompliant with configuration best practices.

Best Practices Analyzer and configuration rules

The Best Practices Analyzer applies configuration rules to identify settings that might require modification for AD DS to perform optimally. Configuration rules can help prevent setting conflicts that can result in error messages or prevent AD DS from carrying out its prescribed duties in an enterprise.

For more information about Best Practices Analyzer and scans, see Best Practices Analyzer (

Topics in this section