Update 14.03.2013: added workaround information

SYMPTOMS

Consider the following scenario. You install and configure Certificate Enrollment Web Service (CES) against a Certification Authority (CA) that has spaces and other disallowed by HTML URL scheme characters in the certificate name. When you attempt to use the service for certificate enrollment, the following message appears:

Updated 20.06.2018: clarified the purpose of NTAuthCertificates DS container.

Hello folks! Today I want to explain in details about Active Directory containers related to ADCS (Active Directory Certificate Services), their purposes and how they work.

Intro

All ADCS related containers are stored in configuration naming context under Public Key Services container:

CN=Public Key Services, CN=Services, CN=Configuration, DC={forest root domain}

Since Public Key Services container is stored in configuration naming context, any it’s content is replicated between all domain controllers in the current forest (not only current domain) and are available to any client in the forest. This means that there is no way to limit PKI containers only to specific domain or domains.

Here is a screenshot from ADSIEdit.msc tool:

Just let you know, it is pushed (with sources) to CodePlex.

>> Welcome <<

Update 18.11.2013: pointed URL to a CodePlex project page.

Phinally!!!

Abstract

As you already know, last time I worked on my next PowerShell PKI module and encountered in an issue with Microsoft’s Cmdlet Help Editor. When I tried to open my module (and any other built-in module) I got very nice message:

Ok, I tried to download sources (thanks, they are available for download) and was stuck with WPF. I heard that WPF is a modern replacement for WinForms, and that was the only what I knew about WPF. I was able to fix mentioned message issue, but failed with application layout. The form has fixed size and no scroll bars. So I couldn’t access textboxes and commands which are outside of my screen (even if I worked on a 1680*1050 display). And I decided to create my own Help Editor with with “blackjack and hookers”.

Hello S-1-1-0! I rarely write offtopic posts, but holy tits God, sometimes it happens!!! Today NHL lockout is ended (although tentatively, but in any way)!!!!!!1111oneone

Abstract

I missed real hockey (KHL is not a sort of good hockey) and this year lockout was very disappointing. Now we have shortened season (48-50) games and it is much better than nothing.

As per recent news, a new CBA (Collective Bargaining Agreement) is signed for another 10 years. The season may start at January 15 (for 50-game season) or 19 (for 48-game season). Salary cap for this season remains the same ($70,2 million) and for the next season it is set to $64,3 million.