Entrust provides an InstallEnrollmentService.ps1 PowerShell script that allows you to create, edit, and remove enrollment services in Active Directory. The script also allows you to remove enrollment services from Active Directory.
You should remove an enrollment service only when you will no longer use that enrollment service with Certificate Enrollment Gateway.
To run the script, you must use a Windows user account with Domain Admin and Enterprise Admin permissions.
To update the enrollment URLs for an enrollment service using the InstallEnrollmentService.ps1 script
- Open an elevated PowerShell window. Select Start > Windows PowerShell, then right-click Windows PowerShell > Run as administrator.
- Navigate to the directory where you extracted the PowerShell scripts.
Enter the following command to run the
InstallEnrollmentService.ps1script:.\InstallEnrollmentService.ps1The script validates the pre-requisites and installs any missing Windows packages or features. For example:
The PowerShell script was tested on specific versions of PowerShell. When validating the prerequisites, the PowerShell version my be listed as Unverified, an "Unverified" version of PowerShell indicates that the script was not tested on that version of PowerShell. You can still use the script on an "Unverified" version of PowerShell.
Validating pre-requisites:Script-Mode: WindowsScript Version:1.5.1.19- Member of Domain: Verified- Domain Admins privileges: Verified- Enterprise Admins privileges: Verified- Windows Version: Verified (Microsoft Windows NT10.0.17763.0)- PowerShell Version: Verified (5.1.17763.2931)------------------------------------------------------------Validating ldifde is installed.ldifde.exe is installed.Validating Windows Feature RSAT-ADCS-Mgmt is installedInstalling RSAT-ADCS-MgmtThe script prompts you to select a management option:
Entrust Enrollment Service PowerShellUsing this PowerShell script, Enrollments servers can be created, removedand Edited.Please select from the following options to continue :[N] New Service [E] Edit Service [Q] Quit [?] Help (default is "N"):Enter
Eto edit an existing enrollment service.If more than one enrollment service is defined in Active Directory, the script displays the list of enrollment services and asks you to select one of the enrollment services:
Select from the following List of defined Enrollment Services :Index Enrollment Service Name----- -----------------------1CEG WSTEP2Entrust WSTEPPlease select the Index to select an Enrollment Service.0to quit.:Enter the number associated with the enrollment service you want to edit. If only one enrollment service exists, that service is automatically selected by the script.
The script displays the currently-selected enrollment service, and prompts you to choose from a list of options:
Currently Selected Enrollment Service : Entrust WSTEPChoose from the following Options:[E] Edit [R] Remove [P] Previous [?] Help (defaultis"E"):Enter
Rto remove the selected enrollment service.The script asks you to confirm the operation:
Removing Enrollment Service : CEG WSTEPAre you sure you want to delete this Enrollment Service(y/n)?:To confirm that you want to delete the enrollment service, enter
y. The script deletes the enrollment service from Active Directory.- To cancel the operation and return to the previous menu, enter
n.
- To exit the script after removing the enrollment service:
Keep entering
Pto return to a previous menu until you return to the main menu:Entrust Enrollment Service PowerShellUsing this PowerShell script, Enrollments servers can be created, removedand Edited.Please select from the following options to continue :[N] New Service [E] Edit Service [Q] Quit [?] Help (default is "N"):- Enter
Qto exit the script.