![\"2015-11-04_1045\"](\"https:\/\/www.postinger.com\/wp-content\/uploads\/2015\/11\/2015-11-04_1045.png\")
<\/a><\/p>\n1) On the parent domain,\u00a0 on a\u00a0global catalog domain controller\u00a0(Run from an elevated cmd prompt)<\/h4>\ndsmod group \"CN=Cert Publishers,CN=Users,DC=domain,DC=company,DC=com\" -scope u\ndsmod group \"CN=Cert Publishers,CN=Users,DC=domain,DC=company,DC=com\" -scope l<\/pre>\n2) For each<\/span> child domains, on a\u00a0global catalog domain controller (Run from an elevated cmd prompt)<\/h6>\n<\/h6>\ndsmod group \"CN=Cert Publishers,CN=Users,DC=child,DC=domain,DC=company,DC=com\" -scope u\ndsmod group \"CN=Cert Publishers,CN=Users,DC=child,DC=domain,DC=company,DC=com\" -scope l<\/pre>\ndsacls \"DC=child,DC=domain,DC=company,DC=com\" \/I:S \/G \"domain\\Cert Publishers\":RP;userCertificate\ndsacls \"DC=child,DC=domain,DC=company,DC=com\" \/I:S \/G \"domain\\Cert Publishers\":WP;userCertificate<\/pre>\ndsacls \"cn=adminsdholder,cn=system,DC=child,DC=domain,DC=company,DC=com\" \/G \"domain\\Cert Publishers\":RP;userCertificate\ndsacls \"cn=adminsdholder,cn=system,DC=child,DC=domain,DC=company,DC=com\" \/G \"domain\\Cert Publishers\":WP;userCertificate<\/pre>\n3) Add the computer objects for your certification authorities\u00a0to the group \u00a0“Cert Publishers” on each domain.
\n4) Finally, on your certification authorities run the following ((Run from an elevated cmd prompt))<\/p>\n
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG\nnet stop certsvc\nnet start certsvc<\/pre>\n","protected":false},"excerpt":{"rendered":"After upgrading from a 2003 to 2008 R2 certification\u00a0authorities I noticed warnings for\u00a0event ID 80 in the CA logs. \u00a0I think I have the fix worked out. Essentially you need to convert global groups to universal then to domain local. Add the CA computer objects, then set some permissions. Replace the paths with your domain […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[],"class_list":["post-736","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts\/736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":0,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
2) For each<\/span> child domains, on a\u00a0global catalog domain controller (Run from an elevated cmd prompt)<\/h6>\n<\/h6>\ndsmod group \"CN=Cert Publishers,CN=Users,DC=child,DC=domain,DC=company,DC=com\" -scope u\ndsmod group \"CN=Cert Publishers,CN=Users,DC=child,DC=domain,DC=company,DC=com\" -scope l<\/pre>\ndsacls \"DC=child,DC=domain,DC=company,DC=com\" \/I:S \/G \"domain\\Cert Publishers\":RP;userCertificate\ndsacls \"DC=child,DC=domain,DC=company,DC=com\" \/I:S \/G \"domain\\Cert Publishers\":WP;userCertificate<\/pre>\ndsacls \"cn=adminsdholder,cn=system,DC=child,DC=domain,DC=company,DC=com\" \/G \"domain\\Cert Publishers\":RP;userCertificate\ndsacls \"cn=adminsdholder,cn=system,DC=child,DC=domain,DC=company,DC=com\" \/G \"domain\\Cert Publishers\":WP;userCertificate<\/pre>\n3) Add the computer objects for your certification authorities\u00a0to the group \u00a0“Cert Publishers” on each domain.
\n4) Finally, on your certification authorities run the following ((Run from an elevated cmd prompt))<\/p>\n
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG\nnet stop certsvc\nnet start certsvc<\/pre>\n","protected":false},"excerpt":{"rendered":"After upgrading from a 2003 to 2008 R2 certification\u00a0authorities I noticed warnings for\u00a0event ID 80 in the CA logs. \u00a0I think I have the fix worked out. Essentially you need to convert global groups to universal then to domain local. Add the CA computer objects, then set some permissions. Replace the paths with your domain […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[],"class_list":["post-736","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts\/736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":0,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
dsmod group \"CN=Cert Publishers,CN=Users,DC=child,DC=domain,DC=company,DC=com\" -scope u\ndsmod group \"CN=Cert Publishers,CN=Users,DC=child,DC=domain,DC=company,DC=com\" -scope l<\/pre>\ndsacls \"DC=child,DC=domain,DC=company,DC=com\" \/I:S \/G \"domain\\Cert Publishers\":RP;userCertificate\ndsacls \"DC=child,DC=domain,DC=company,DC=com\" \/I:S \/G \"domain\\Cert Publishers\":WP;userCertificate<\/pre>\ndsacls \"cn=adminsdholder,cn=system,DC=child,DC=domain,DC=company,DC=com\" \/G \"domain\\Cert Publishers\":RP;userCertificate\ndsacls \"cn=adminsdholder,cn=system,DC=child,DC=domain,DC=company,DC=com\" \/G \"domain\\Cert Publishers\":WP;userCertificate<\/pre>\n3) Add the computer objects for your certification authorities\u00a0to the group \u00a0“Cert Publishers” on each domain.
\n4) Finally, on your certification authorities run the following ((Run from an elevated cmd prompt))<\/p>\ncertutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG\nnet stop certsvc\nnet start certsvc<\/pre>\n","protected":false},"excerpt":{"rendered":"After upgrading from a 2003 to 2008 R2 certification\u00a0authorities I noticed warnings for\u00a0event ID 80 in the CA logs. \u00a0I think I have the fix worked out. Essentially you need to convert global groups to universal then to domain local. Add the CA computer objects, then set some permissions. Replace the paths with your domain […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[],"class_list":["post-736","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts\/736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":0,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.postinger.com\/index.php\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}