My apologies. I copied his address, typed my reply, and hit send before replacing the reply-to address.
I'll go back to my corner.

- Sean

> On Oct 31, 2017, at 3:38 PM, Webster <webs...@carlwebster.com> wrote:
>
> Mmmm, "If you are interested, please reply to me directly - OFF LIST. Again OFF LIST."
>
> Thanks
>
> Carl Webster
> Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP
> http://www.CarlWebster.com
> The Accidental Citrix Admin
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Sean Martin
> Sent: Tuesday, October 31, 2017 6:18 PM
> To: ntsysadm@lists.myitforum.com
> Subject: Re: [NTSysADM] Crosspost: Do you have a complex certificate services environment?
>
> Hey Michael,
>
> I wouldn't mind testing it out for you. We have a fairly simple CA environment (offline root, online intermediate) in a Windows 2008 R2 AD environment.
>
> - Sean
>
> On Tue, Oct 31, 2017 at 12:40 PM, Michael B. Smith <mich...@smithcons.com> wrote:
>
> Forgive the crosspost.
>
> Webster and myself have some mutual customers that had Certificate Services issues. That being one of my areas of expertise, I worked through the problems and got everyone happy, but then realized the job would’ve been much much simpler with a script that dumped out everything that Active Directory knows about AD Certificate Services.
>
> So, voilà, I wrote one; and I’ve enhanced it while working through some complex customer scenarios.
>
> Webster has offered to do the nice things he does to scripts (Word output, HTML output, code-signing, etc.) but I’d like to make sure that the script is complete before I hand it over to him.
>
> So I’m looking for a few good testers. I’d like for you to run the script and send me the output. If it bombs, let me fix it and try again. IT DOESN’T CHANGE ANYTHING. It just reads from AD and the registry.
>
> If you have a single server CA, you probably aren’t my target scenario – unless it’s been migrated and upgraded more than once. Or it was installed by someone who had no clue what they were doing and may have installed the CA a dozen times (it happens – that was a PIECE of the problem at one of my clients). I’m looking for environments with multiple roots, multiple servers in a hierarchy, potentially offline roots with an enterprise hierarchy, etc.
>
> If you are interested, please reply to me directly - OFF LIST. Again OFF LIST.
>
> Thanks!
>
> Regards,
> Michael B.
>
> P.S. There are some things the script could do that it doesn’t do – most specifically, validate certs and cross-check CA certs between AIA, CA, CDP, and KRA endpoints. It’s doable and a good idea (I needed that in a project a year or two ago), but out of scope for this Version 1. But almost anything else I can think of is fair game.