RadioGenX

My feedback

  1. 20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    need-feedback  ·  5 comments  ·  Azure Active Directory » Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
    RadioGenX commented  · 

    The wind just left my sails as I'm learning that I cannot create an enterprise PKI in my ADDS. I've been an on-prem AD admin for 20 years and have been rolling along nicely with my first ADDS set up in Azure. I've built my VM to host the certificate authority, joined it to my domain, and go to add the role .... and the enterprise pki button is grayed out!? I'm thinking I did something wrong, how can this be? This cannot possibly be by design. If this restriction is really by design, I'm going to have to re-think my entire strategy.

    PS C:\> Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA1 -ValidityPeriod Years -ValidityPeriodUnits 3

    Install-AdcsCertificationAuthority : CCertSrvSetup::InitializeDefaults: Access is denied. 0x80070005 (WIN32: 5
    ERROR_ACCESS_DENIED)
    At line:1 char:1

    REALLY?

    RadioGenX supported this idea  · 

Feedback and Knowledge Base