Directory Services Store (dsstore)

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Directory Service Store (dsstore) is part of the Windows 2000 Server Resource Kit, a Security Tools component. One normally uses the MMC Active Directory Users and Computers snap-in and the Certificate Services snap-in to manage most aspects of enterprise root CAs. Like most admin activities, the GUI-based tools are OK for a small shop or onesy/twosy type changes but is not adequate for large enterprises because one can not script mass changes.

dsstore will let you list, add, and delete Enterprise Root CAs; maintain certificate revocation lists (CRLs) in AD; and add Win2K CAs or offline CAs to the enterprise PKI stored in your Active Directory. W2K will automatically enroll a user and computer when an operation starts that requires a certificate. You can proactively enroll users using dsstore. You can do problem solving to check the status of DCs certificates and verify the validity of smart cards.

Related Tips:

Troubleshooting Windows 2000 PKI Deployment and Smart Card Logon
The Dsstore Tool May Not Work If the NetBIOS Name and the DNS Domain Name Are Different
How to Install a Windows 2000 Certificate Services Offline Root Certificate Authority
Windows 2000 Certificate Services

Featured Links