Forgive the crosspost. Webster and I have some mutual customers that had Certificate Services issues. That being one of my areas of expertise, I worked through the problems and got everyone happy, but then realized the job would've been much, much simpler with a script that dumped out everything that Active Directory knows about AD Certificate Services.
So, voilà, I wrote one; and I've enhanced it while working through some complex customer scenarios. Webster has offered to do the nice things he does to scripts (Word output, HTML output, code-signing, etc.) but I'd like to make sure that the script is complete before I hand it over to him.

So I'm looking for a few good testers. I'd like for you to run the script and send me the output. If it bombs, let me fix it and try again. IT DOESN'T CHANGE ANYTHING. It just reads from AD and the registry.

If you have a single-server CA, you probably aren't my target scenario - unless it's been migrated and upgraded more than once. Or it was installed by someone who had no clue what they were doing and may have installed the CA a dozen times (it happens - that was a PIECE of the problem at one of my clients). I'm looking for environments with multiple roots, multiple servers in a hierarchy, potentially offline roots with an enterprise hierarchy, etc.

If you are interested, please reply to me directly - OFF LIST. Again, OFF LIST.

Thanks!

Regards,
Michael B.

P.S. There are some things the script could do that it doesn't do - most specifically, validate certs and cross-check CA certs between AIA, CA, CDP, and KRA endpoints. It's doable and a good idea (I needed that in a project a year or two ago), but out of scope for this Version 1. But almost anything else I can think of is fair game.