ADCS has become site-aware in Windows Server 2012

One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware!

This is accomplished by following the detailed steps that are described on the ADCS Wiki link below.

The short version is however as follows:

  1. set the CA to detect which AD site it is in by running the following on the W2k12 CA server:
    certutil -f -setcasites set
  2. set the Windows 8 client to query AD site information about which CA it should enroll for by running the following on the client side:
    certutil -setreg EnrollEnrollFlags 2

…then add some suger and bake for 30 minutes in the oven, that’s it! 🙂


AD DS Site Awareness for AD CS and PKI Clients

What’s New in AD CS [in Windows Server 2012]?


Comments (1)

  1. Hi Ingolfur,

    FYI the registry change is *not* required on Windows 8 as the functionality is included by default. The wiki entry here:…/ has recently been updated to reflect this.