Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2012 R2.
You need to deploy a certification authority (CA) to Server1. The CA must support the auto- enrollment of certificates.
Which two cmdlets should you run? (Each correct answer presents part of the solution. Choose two.)
A. Add-CAAuthoritylnformationAccess
B. Install-AdcsCertificationAuthority
C. Add-WindowsFeature
D. Install-AdcsOnlineResponder
E. Install-AdcsWebEnrollment
Correct Answer: BE
Explanation/Reference:
Explanation
B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. It can be used to install a root CA. Example:
Install-AdcsCertificationAuthority -CAType StandaloneRootCA -CACommonName “ContosoRootCA” -KeyLength 2048 -HashAlgorithm SHA1 – CryptoProviderName “RSA#Microsoft Software Key Storage Provider”
E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the Certification Authority Web Enrollment role service.
Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.
Certificate Enrollment web service
Reference: Deploying AD CS Using Windows PowerShell
