My quest to bring Best Practices to Identity Management especially with Microsoft FIM / ILM

Wednesday, April 29, 2009

Dealing with the ILM 2 RC0 certificate in a Windows Server 2003 domain

The Password Reset instructions ask us to use Group Policy to distribute the certificate to the clients. That approach only works in Windows Server 2008 functional level domains. In a Windows Server 2003 domain you can automate the same thing with certutil.exe.
The following command, run on the ILM 2 server, exports the certificate generated by the ILM 2 install (matched in the machine's Trusted People store by its subject name, IdentityLifeCycleManager2) to the file ilm2cert.cer in the working directory:

certutil -store trustedpeople IdentityLifeCycleManager2 ilm2cert.cer

This command, run on a client with administrative rights, imports the certificate into the machine's Trusted People store (-f overwrites an existing copy):
certutil -f -addstore trustedpeople ilm2cert.cer

-- We could put the .cer file on a share that domain computers can read and import it from a logon script:
certutil -f -addstore trustedpeople \\someserver\publicshare\ilm2cert.cer

One caveat: -addstore writes to the local machine's Trusted People store, which requires administrative rights, so a user logon script will fail on clients where users are not local administrators. A computer startup script, which runs as SYSTEM, works regardless of who logs on.

Or add the same line to a batch file that also calls the password reset client install.
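Here is one way to put the pieces together in a single batch file, as an added example rather than a script from the original post or from the ILM 2 product. It assumes the share \\someserver\publicshare, the installer file name PasswordResetClient.msi and the log path are placeholders; the certificate subject IdentityLifeCycleManager2 is the one used above. It skips the import when the certificate is already present, checks the exit code of certutil instead of assuming success, and only then installs the client.

```batch
@echo off
REM Added example, not from the original post or the ILM 2 product.
REM Assumed (placeholder) names: the share \\someserver\publicshare,
REM the installer PasswordResetClient.msi and the log file path.
REM Run as a computer startup script: -addstore writes to the
REM LocalMachine store and therefore needs administrative rights.
setlocal

set CERT=\\someserver\publicshare\ilm2cert.cer
set CERTID=IdentityLifeCycleManager2
set INSTALLER=\\someserver\publicshare\PasswordResetClient.msi
set LOG=%SystemRoot%\Temp\ilm2-client.log

REM Skip the import if a cert with this subject is already in the
REM machine's Trusted People store (find sets errorlevel 0 on a match).
certutil -store trustedpeople %CERTID% | find /i "%CERTID%" >nul
if not errorlevel 1 (
    echo %date% %time% cert already present >> "%LOG%"
    goto install
)

REM Import from the share; -f overwrites an older copy if one exists.
certutil -f -addstore trustedpeople "%CERT%" >> "%LOG%" 2>&1
if errorlevel 1 (
    echo %date% %time% cert import FAILED, not installing client >> "%LOG%"
    exit /b 1
)
echo %date% %time% cert imported from %CERT% >> "%LOG%"

:install
REM Silent install of the password reset client, with a verbose msiexec log.
msiexec /i "%INSTALLER%" /qn /l*v "%LOG%.msi.txt"
echo %date% %time% client install returned %errorlevel% >> "%LOG%"
exit /b %errorlevel%
```

The certificate import is deliberately gated on its own exit code: if the import fails, the client is not installed, so a client never ends up deployed without the certificate it needs to trust the ILM 2 server. The log file gives you something to check from the server side when a client does not appear to be working.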
