{"id":36,"date":"2012-07-26T11:11:00","date_gmt":"2012-07-26T09:11:00","guid":{"rendered":"https:\/\/test.n3oxid.fr\/?p=36"},"modified":"2021-04-18T21:13:29","modified_gmt":"2021-04-18T19:13:29","slug":"activation-du-ldaps-pour-le-service-active-directory-sous-windows-2003","status":"publish","type":"post","link":"https:\/\/www.n3oxid.fr\/?p=36","title":{"rendered":"Activation du LDAPS pour le service Active Directory sous Windows 2003"},"content":{"rendered":"\n

Installation de IIS<\/h2>\n\n\n\n

D\u00e9marrer > Ex\u00e9cuter > appwiz.cpl > Ajouter ou supprimer des composants Windows<\/p>\n\n\n\n

Composant Windows : Serveur d’applications > Services IIS > Service World Wide Web<\/p>\n\n\n\n

Installation de l’autorit\u00e9 de certification<\/h2>\n\n\n\n

D\u00e9marrer > Ex\u00e9cuter > appwiz.cpl > Ajouter ou supprimer des composants Windows<\/p>\n\n\n\n

Composant Windows : Service de certificats > Autorit\u00e9 de certification de services de certificats<\/p>\n\n\n\n

Type de certificat : Autorit\u00e9 racine d'entreprise\nCN : HomeCA\nDN : DC=home,DC=local\nP\u00e9riode de validit\u00e9 : 5 ans\nDB certificats : C:\\WINDOWS\\system32\\CertLog\nDB journal DB certificats : C:\\WINDOWS\\system32\\CertLog\n<\/pre>\n\n\n\n
Forcer la cr\u00e9ation d’un certificat serveur<\/h2>\n\n\n\n
D\u00e9marrer > Ex\u00e9cuter > mmc<\/p>\n\n\n\n
Ajouter le composant Certificats pour le compte de l’odinateur (local)<\/p>\n\n\n\n
Se placer sur la magasin Personnel puis emettre une requp\u00eate de certificat via le menu contextuel :<\/p>\n\n\n\n
Toutes les t\u00e2ches > Demander un nouveau certificat<\/p>\n\n\n\n
Type de certificat : Contr\u00f4leur de domaine\nNom convivial : vm-dc1.home.local\n<\/pre>\n\n\n\n
Remarque<\/ins> : cette manipulation est \u00e0 faire sur l’ensemble des contr\u00f4leurs de domaine<\/p>\n\n\n\n
Test d’acc\u00e8s LDAPS<\/h2>\n\n\n\n
D\u00e9marrer > Ex\u00e9cuter > ldp<\/p>\n\n\n\n
Connection > Connect<\/p>\n\n\n\n
Server : vm-dc1.home.local\nPort: 636\nSSL : actif\n<\/pre>\n\n\n\n
Autoriser les requ\u00eates de certificats pour tous les contr\u00f4leurs des domaines enfants<\/h2>\n\n\n\n
Ouvrir la console de gestion de l’Autorit\u00e9 de Certification :<\/p>\n\n\n\n
Outils d’administration > Autorit\u00e9 de certification<\/p>\n\n\n\n
Modifier les autorisations de l’AC :<\/p>\n\n\n\n
clic droit sur HomeCA > Propri\u00e9t\u00e9s > Onglet S\u00e9curit\u00e9,<\/p>\n\n\n\n
ajouter le groupe Contr\u00f4leurs de domaine de chaque domaine et les autoriser \u00e0 demander des certificats.<\/p>\n\n\n\n
Ajouter le groupe Contr\u00f4leurs de domaine de chaque domaine dans le groupe CERTSVC_DCOM_ACCESS.<\/p>\n\n\n\n
Mettre \u00e0 jour les param\u00e8tres de s\u00e9curit\u00e9 DCOM pour les services de certification :<\/p>\n\n\n\n
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG<\/pre>\n\n\n\n
Red\u00e9marrer le service Distributed Transaction Coordinator :<\/p>\n\n\n\n
net stop msdtc\nnet start msdtc\n<\/pre>\n\n\n\n
Red\u00e9marrer l’Autorit\u00e9 de certification :<\/p>\n\n\n\n
net stop certsvc\nnet start certsvc<\/pre>\n","protected":false},"excerpt":{"rendered":"
Installation de IIS D\u00e9marrer > Ex\u00e9cuter > appwiz.cpl > Ajouter ou supprimer des composants Windows Composant Windows : Serveur d’applications > Services IIS > Service World Wide Web Installation de l’autorit\u00e9 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[20,21,22,23],"class_list":["post-36","post","type-post","status-publish","format-standard","hentry","category-computing","tag-ldaps","tag-microsoft","tag-pki","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36"}],"version-history":[{"count":1,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":37,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/36\/revisions\/37"}],"wp:attachment":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}