A Microsoft Endpoint Configuration Manager (MEMCM / MECM / SCCM / ConfigMgr) administrator wears many hats. One of the hats means that we need to know about Certificate. This is becoming more import as thing move to the cloud and become more secure. Most ConfigMgr admin that they are trying to mimic their production environment. However, they are generally not the administrator that setup AD Certificate Services. This step-by-step guide will show you how to install Active Directory (AD) Certificate Services. AD Certificate Services acronym is either ADCS or AD CS. You should also note that many people will call it a cert server or just certs.


This guide set will install a simple AD CS environment that, can be used within a Lab environment. Although 100% correct, will like NOT pass a proper security review. As such if you plan to use this within production, I recommend that you talk to your security team first. They might already have AD CS for you to use.

What is AD CS?

To quote the documentation for Certificate Services.

Certificate Services, a service running on a Windows server operating system, receives requests for new digital certificates over transports such as RPC or HTTP. It checks each request against custom or site-specific policies, sets optional properties for a certificate to be issued, and issues the certificate. Certificate Services allows administrators to add elements to a certificate revocation list (CRL), and to publish signed CRLs on a regular basis.

How to Install AD Certificate Services

The install of AD CS is no not all that difficult, just add the feature and keep click next. You can see this within the video that I created for the install.

The hard part come when you Configure AD Certificate Services, which is the next blog in the set. After that there will be at least three more blogs within the set. How to create a GPO to assign certificates to a computer. How to issue a certificate for code signing. And lastly how to sign your PowerShell Scripts. I will also as time permits, show you how to setup MECM using certificates. On top of that I will review and update both How To Setup SSRS To Use Https – Part 1 and How To Setup SSRS To Use Https – Part 2 article to show how this certificate server interacts with this certificate server.

There are a few others steps that I might slip into this set around Remote Desktop Protocol (RDP) and Code signing an EXE. As they all apply when you create a cert server.

Below is the Video showing the steps that I took.

Since I will be putting out a lot more videos on YouTube. Don’t forget to subscribe and click the like button. I will help bring the videos to admins like you.

Finally, don’t forget that you can subscribe to my RRS feed to stay on top of the latest trips and tricks. Additionally, if you have any questions, please feel free to touch base @Garthmj.