Directory Service Store (dsstore) is part of the Windows 2000 Server Resource
Kit, a Security Tools component. One normally uses the MMC Active Directory Users and Computers snap-in and the Certificate Services snap-in to manage most aspects of
enterprise root CAs. Like most admin activities, the GUI-based tools are OK for
a small shop or onesy/twosy type changes but is not adequate for large
enterprises because one can not script mass changes.
dsstore will let you list, add, and delete Enterprise Root CAs; maintain
certificate revocation lists (CRLs) in AD; and add Win2K CAs or offline CAs to
the enterprise PKI stored in your Active Directory. W2K will automatically
enroll a user and computer when an operation starts that requires a certificate.
You can proactively enroll users using dsstore. You can do problem solving to
check the status of DCs certificates and verify the validity of smart cards.
Troubleshooting Windows 2000 PKI Deployment and Smart Card Logon
The Dsstore Tool May Not Work If the NetBIOS Name and the DNS
Domain Name Are Different
How to Install a Windows 2000 Certificate Services Offline Root
Windows 2000 Certificate Services