Directory Services Store (dsstore)

Directory Service Store (dsstore) is part of the Windows 2000 Server Resource
Kit, a Security Tools component. One normally uses the MMC Active Directory Users and Computers snap-in and the Certificate Services snap-in to manage most aspects of
enterprise root CAs. Like most admin activities, the GUI-based tools are OK for
a small shop or onesy/twosy type changes but is not adequate for large
enterprises because one can not script mass changes.

dsstore will let you list, add, and delete Enterprise Root CAs; maintain
certificate revocation lists (CRLs) in AD; and add Win2K CAs or offline CAs to
the enterprise PKI stored in your Active Directory. W2K will automatically
enroll a user and computer when an operation starts that requires a certificate.
You can proactively enroll users using dsstore. You can do problem solving to
check the status of DCs certificates and verify the validity of smart cards.

Related Tips:

Troubleshooting Windows 2000 PKI Deployment and Smart Card Logon

The Dsstore Tool May Not Work If the NetBIOS Name and the DNS
Domain Name Are Different

How to Install a Windows 2000 Certificate Services Offline Root
Certificate Authority

Windows 2000 Certificate Services

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top