Hello S-1-1-0, here is the fourth part of an "AD CS Partitioned CRLs - A Comprehensive Guide" blog post series.

All posts in this series:

• Part 1 - Introduction
• Part 2 - Design Strategies
• Part 3 - Configuration Components
• Part 4 - Recipe Guide (current)
• Part 5 - Partitioned CRL API and Events

In previous post, I provided information about partitioned CRL design, description and configuration commands. This blog post will summarize this knowledge by providing quick guides to configure all partitioning strategies (A1, A2, B1 and B2) which you can use as a recipe template. Refer to Part 2 in this series for additional information aboud different CLR partitioning strategies.

Recipe Guide

This section will include configuration required by all subsequent sections.

Command examples include CRLPublicationURLs config setting, which is provided as an example to point how <CRLPartitionIndex> variable is defined and new flags in front of HTTP URL. Adapt URLs to match your environment.

Hello all, here is a third part of an "AD CS Partitioned CRLs - A Comprehensive Guide" blog post series.

All posts in this series:

• Part 1 - Introduction
• Part 2 - Design Strategies
• Part 3 - Configuration Components (current)
• Part 4 - Recipe Guide
• Part 5 - Partitioned CRL API and Events

In this part, I will explain Partitioned CRL configuration elements and their behavior.

In general, partitioned CRL consist of several configuration elements that MUST be configured in single batch. CA service will fail if any of mandatory configurations is not complete. Here is the list of all configuration options with indication which are mandatory:

• Global enablement switch (mandatory)
• Design strategy type
• CRL partition count (mandatory)
• Partition assignment algorithm
• CDP extension configuration (mandatory)
• Partition suspension

The following sections will go through each configuration element.

Hello S-1-1-0, here is a second part of an "AD CS Partitioned CRLs - A Comprehensive Guide" blog post series.

All posts in this series:

• Part 1 - Introduction
• Part 2 - Design Strategies (current)
• Part 3 - Configuration Components
• Part 4 - Recipe Guide
• Part 5 - Partitioned CRL API and Events

In this part, I will explain Partitioned CRL strategies and their behavior. I will focus on partition zero handling and partition assignment randomization.

Partitioned CRL Concept

Just a brief recap of previous post: revoked certificates are uniformly (or close to it) distributed across different partitions. The following figure shows basic partitioning concept with five partitions:

Hello all! This blog posts opens an "AD CS Partitioned CRLs - A Comprehensive Guide" blog post series.

All posts in this series:

• Part 1 - Introduction (current)
• Part 2 - Design Strategies
• Part 3 - Configuration Components
• Part 4 - Recipe guide
• Part 5 - Partitioned CRL API and Events

Starting with 2025 10B update (October 14, 2025), AD CS on Windows Server 2019 and newer will receive a new feature called Partitioned Certificate Revocation List (CRL), or Partitioned CRL. CRL partitioning is a process of splitting single CRL into a set of smaller CRLs. The following updates will enable this feature:

• Windows Server 2019 - KB5066586
• Windows Server 2022 - KB5066782
• Windows Server 2025 - KB5066835

Let's recall the need of partitioned CRL and current state of the subject before we dig into new update.