Active Directory Management Framework

Configuration driven Active Directory management.

NTAuthStore

Synopsis

The NTAuthStore Component allows you to define certificates to apply to the central enterprise store of trusted certificates. This is useful for rolling out trust to a central PKI in a dedicated forest.

While still functional, this Component has been superseded by the more capable Certificates Component.

Defining Configuration

To define the certificates to register, simply drop the .cer files in the forest/ntAuthStore folder of a Context. All certificates thus found will be added to the forest-wide certificate store.

Authoritative and non-Authoritative

By default, the Component only adds certificates to the NTAuthStore and does not remove certificates that are not defined (non-authoritative).

Enabling authoritative mode causes it to remove undefined certificates.

To enable authoritative mode, create a json file (name not important) in the forest/ntAuthStore folder of a Context, formed like this (the key is spelled "Authorative", exactly as shown):

{
    "Authorative": true
}

To disable it, set it to false instead.

If multiple Contexts define the “Authorative” setting, the last Context wins.
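
A read-only preview of the rules above, as an added example that is not ADMF's own code: it lists which certificates a set of Contexts defines and, given the thumbprints currently in the store, which ones would be removed once the last-wins "Authorative" value is resolved. `Get-NTAuthStorePlan` and its parameters are hypothetical, and combining the .cer files of all listed Contexts is an assumption.

```powershell
# Added example, not ADMF code: function and parameter names are hypothetical.
function Get-NTAuthStorePlan {
    param(
        [Parameter(Mandatory)] [string[]] $ContextPath,  # Context roots, in load order
        [string[]] $CurrentThumbprint = @()              # thumbprints already in the store
    )
    $authorative = $false   # default per the page: add only, never remove
    $defined = @{}          # thumbprint -> certificate, across all Contexts (assumption)
    foreach ($context in $ContextPath) {
        $folder = Join-Path $context 'forest/ntAuthStore'
        if (-not (Test-Path $folder)) { continue }
        foreach ($file in Get-ChildItem $folder -Filter *.cer) {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
            $defined[$cert.Thumbprint] = $cert
        }
        foreach ($file in Get-ChildItem $folder -Filter *.json) {
            $json = Get-Content $file.FullName -Raw | ConvertFrom-Json
            # A later Context (or later file) overrides an earlier value.
            if ($null -ne $json.Authorative) { $authorative = [bool]$json.Authorative }
        }
    }
    foreach ($cert in $defined.Values) {
        [pscustomobject]@{
            Action     = if ($CurrentThumbprint -contains $cert.Thumbprint) { 'Keep' } else { 'Add' }
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Expired    = $cert.NotAfter -lt (Get-Date)
        }
    }
    foreach ($thumb in $CurrentThumbprint | Where-Object { -not $defined.ContainsKey($_) }) {
        $action = if ($authorative) { 'Remove' } else { 'Untouched' }
        [pscustomobject]@{ Action = $action; Thumbprint = $thumb; Subject = $null; Expired = $null }
    }
}

# Constructed sample: a temporary Context with one self-signed certificate, Authorative mode on.
$root = Join-Path ([IO.Path]::GetTempPath()) 'admf-context-demo'
$folder = (New-Item (Join-Path $root 'forest/ntAuthStore') -ItemType Directory -Force).FullName
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed Demo CA', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddYears(1))
[IO.File]::WriteAllBytes((Join-Path $folder 'demo.cer'), $demo.Export('Cert'))
'{ "Authorative": true }' | Set-Content (Join-Path $folder 'mode.json')
# The all-zero thumbprint is a placeholder for a certificate already in the store.
Get-NTAuthStorePlan -ContextPath $root -CurrentThumbprint ('0' * 40)
```

Reviewing the "Remove" rows before enabling the setting shows which existing trust entries a Context would drop from the forest-wide store.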