Skip to main content

Allow publishing to Active Directory

The computer running Autoenrollment Server must be a member of the Active Directory group Cert Publishers for all domains, including the root domain. This allows the computer to publish newly issued certificates to Active Directory.

To make Autoenrollment server a member of the Cert Publishers group, perform the following steps as the domain administrator on the domain controller.

  1. Open Administrative Tools > Active Directory Users and Computers. Expand the tree view on the left to display your domain and select Users.

  2. Open the Cert Publishers group in the right panel and select the Members tab.

  3. Select Add. Choose the computer running Autoenrollment Server.

Note

You may need to add Computers to the Object Types to search for the computer's name.

Repeat these steps for the Cert Publishers group of every domain in your forest, including the root domain. Run gpupdate /force on the Autoenrollment server to refresh group membership.

Result: After following this procedure, Autoenrollment Server will be installed and ready for certificate enrollment.