Directory Service Store (dsstore) is part of the Windows 2000 Server Resource
Kit, a Security Tools component. One normally uses the MMC Active Directory Users and Computers snap-in and the Certificate Services snap-in to manage most aspects of
enterprise root CAs. Like most admin activities, the GUI-based tools are OK for
a small shop or onesy/twosy type changes but is not adequate for large
enterprises because one can not script mass changes.
dsstore will let you list, add, and delete Enterprise Root CAs; maintain
certificate revocation lists (CRLs) in AD; and add Win2K CAs or offline CAs to
the enterprise PKI stored in your Active Directory. W2K will automatically
enroll a user and computer when an operation starts that requires a certificate.
You can proactively enroll users using dsstore. You can do problem solving to
check the status of DCs certificates and verify the validity of smart cards.
Related Tips:
Troubleshooting Windows 2000 PKI Deployment and Smart Card Logon
The Dsstore Tool May Not Work If the NetBIOS Name and the DNS
Domain Name Are Different
How to Install a Windows 2000 Certificate Services Offline Root
Certificate Authority
Windows 2000 Certificate Services