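Automate Autoenrollment Server configuration
Note
If you configured the Autoenrollment Server using the manual configuration flow, skip the steps on this page.
If the Windows Server is joined to a domain controller, add the Group Policy Management Console (GPMC).
To add the Group Policy Management Console (GPMC), do the following:
Open the [Server Manager] tool.
Select [Manage] > [Add Roles and Features].
Step through the [Add Roles and Features] wizard until the [Features] menu appears.
Select [Group Policy Management] from the list of available features.
Select [Install] and follow the steps in the wizard.
The following is sample output from the ConfigureAES.bat script, which updates the policy settings.
Go to the AEServer installation directory and run the following commands.
cd .\ConfigureAES
.\ConfigureAES.bat "<AEServerInstallationPath>"
For example:
.\ConfigureAES.bat "C:\Program Files\DigiCert\AEServer"
For more information, see the Install and deploy guide.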
C:\Program Files\DigiCert\AEServer\ConfigureAES>.\ConfigureAES.bat "C:\Program Files\DigiCert\AEServer"
This script automates the configuration of DCOM access rights, firewall settings and Group Policies required
for the DigiCert Autoenrollment Server (AES) to function properly within your domain environment. It ensures
the necessary permissions are applied to relevant groups and updates the Default Domain Controllers Policy GPO
to enable smooth certificate autoenrollment for users, computers, and domain controllers.
For detailed information, refer the Deployment Guide:
https://docs.digicert.com/en/trust-lifecycle-manager/integration-guides/autoenrollment-server/install-and-deploy.html
Do you want to proceed? [(Y)es/(E)xit]:Y
========================================================================
Step 1: Configure DCOM access rights and set autoenrollment permissions
========================================================================
This step will configure the required Distributed Component Object Model (DCOM) access rights and
sets permissions for the Autoenrollment Server (AES).
Prerequisites
- You must have permission to modify DCOM configuration settings (Domain Administrators or Enterprise
Administrators have this permission by default).
Groups granted access permissions and launch and activation permissions (local and remote)
- Domain Users
- Domain Computers
- Domain Controllers
Do you want to proceed? [(Y)es/(S)kip this step/(E)xit]:Y
Enabling Distributed COM on this Computer... [In progress]
Enabling Distributed COM on this Computer... [Completed]
Setting DCOM access permissions for AutoEnrollmentDCOMSrv... [In progress]
Setting launch and activation permissions for AutoEnrollmentDCOMSrv... [In progress]
Setting DCOM access permissions for AutoEnrollmentDCOMSrv... [Completed]
Setting launch and activation permissions for AutoEnrollmentDCOMSrv... [Completed]
========================================================================
Step 2: Configure firewall settings
========================================================================
This step will ensure that the DigiCert Autoenrollment Server can communicate through the
system's firewall by configuring a firewall exception on the computer running Autoenrollment Server.
Do you want to proceed? [(Y)es/(S)kip this step/(E)xit]:Y
Configuring firewall exception for the Autoenrollment Server... [In progress]
Configuring firewall exception for the Autoenrollment Server... [Completed]
========================================================================
Step 3: Update group policies
========================================================================
This step will configure the Group Policy Object (GPO) for the Autoenrollment Server (AES).
The following settings will be enabled:
Computer configuration
- Configuration Model
- Renew expired certificates, update pending certificates, and remove revoked certificates
- Update certificates that use certificate templates
User configuration
- Configuration Model
- Renew expired certificates, update pending certificates, and remove revoked certificates
- Update certificates that use certificate templates
Do you want to proceed? [(Y)es/(S)kip this step/(E)xit]:Y
Available GPOs:
[0] Default Domain Policy
[1] Default Domain Controllers Policy
Enter the number(s) of the GPOs you want to update, separated by commas (or type 'ALL' to process all GPOs).
Selection: 0
Updating group policies... [In progress]
Processing GPO: Default Domain Policy (31b2f340-016d-11d2-945f-00c04fb984f9)
Updating group policies... [Completed]
DigiCert Autoenrollment Server configuration completed successfully.
For more details, refer to the logs: "C:\Program Files\DigiCert\AEServer\ConfigureAES\logs\ConfigureAES.log.2025-11-24"
C:\Program Files\DigiCert\AEServer\ConfigureAES>
Next steps:
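To confirm what Step 3 wrote, the following PowerShell reads the autoenrollment policy back from the updated GPO for both the computer and user configuration. This is an added example, not part of DigiCert's script or documentation; it assumes the GroupPolicy module installed with GPMC, that 'Default Domain Policy' was the GPO selected, and that the settings are stored in the standard Windows AEPolicy registry policy value.

```powershell
# Added example, not DigiCert's code. Requires the GroupPolicy module (GPMC).
Import-Module GroupPolicy

# Assumption: the GPO(s) chosen at the script's "Selection:" prompt.
$GpoNames = @('Default Domain Policy')

# Standard Windows location of the certificate autoenrollment policy.
$SubKey      = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment'
$RenewBits   = 0x6     # "Renew expired certificates, update pending certificates, ..."
$TemplateBit = 0x1     # "Update certificates that use certificate templates"
$DisabledBit = 0x8000  # Configuration Model set to Disabled

function Get-AEPolicyState {
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [ValidateSet('HKLM', 'HKCU')] [string] $Hive
    )
    $result = [ordered]@{
        Gpo      = $GpoName
        Scope    = if ($Hive -eq 'HKLM') { 'Computer' } else { 'User' }
        AEPolicy = $null
        Enabled  = $false
        Renew    = $false
        Template = $false
        Note     = ''
    }
    try {
        $setting = Get-GPRegistryValue -Name $GpoName -Key "$Hive\$SubKey" `
            -ValueName 'AEPolicy' -ErrorAction Stop
        $raw = [int]$setting.Value
        $result.AEPolicy = '0x{0:X}' -f $raw
        $result.Enabled  = ($raw -band $DisabledBit) -eq 0
        $result.Renew    = ($raw -band $RenewBits) -eq $RenewBits
        $result.Template = ($raw -band $TemplateBit) -eq $TemplateBit
    } catch {
        # Value absent (policy not configured) or the GPO could not be read.
        $result.Note = $_.Exception.Message
    }
    [pscustomobject]$result
}

$report = foreach ($name in $GpoNames) {
    foreach ($hive in 'HKLM', 'HKCU') { Get-AEPolicyState -GpoName $name -Hive $hive }
}
$report | Format-Table -AutoSize

# Non-zero exit if any scope lacks one of the three settings listed in Step 3.
$bad = @($report | Where-Object { -not ($_.Enabled -and $_.Renew -and $_.Template) })
if ($bad.Count -gt 0) { exit 1 }
```

An AEPolicy value of 0x7 in both scopes corresponds to the three settings the script lists under Step 3; the check only reads the GPO and changes nothing.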