To add the enrollment service URL to Active Directory using ADSI Edit, complete the following procedure.
To add the enrollment service URL to Active Directory using ADSI Edit
- Log in to the server hosting Active Directory.
- Open ADSI Edit. Select Start > Windows Administrative Tools > ADSI Edit.
The ADSI Edit dialog box appears.
- In the tree view, expand ADSI Edit > Configuration > CN=Configuration,<suffix> > CN=Services > CN=Public Key Services > CN=Enrollment Services.
- Double-click the Active Directory CA enrollment service.
A Properties dialog box appears.
- Click the Attribute Editor tab.
- Under Attributes, select msPKI-Enrollment-Servers. The URL in this field is preceded by three integers, where:
- The first integer is the Priority of the service URL.
- The second integer is the authentication method: 2 for Kerberos authentication, 4 for username and password authentication.
- The third integer is 0 for certificate enrollment and renewal or 1 for certificate renewal only.
- Click Edit.
Replace the current URL with the URL you built earlier in Building the Enrollment URL.
Do not overwrite the preceding integers when replacing the URL. The integers are required.
- Click OK.