Windows Server provides Microsoft Management Console snap-ins that can be used to remotely manage certificate templates and query Active Directory using PowerShell, among other things. You may need to install one or both of the following Windows features on your gateway server, depending on your environment as a whole and the gateway functions you plan to use:
- Certification Authority Management Tools
The Certification Authority Management Tools feature needs to be installed on a machine in the local environment to enable you to use the Certificate Templates Console (certtmpl.msc). This snap-in allows certificate templates to be created and managed. If there is an existing Microsoft CA
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. in the environment, the Certificate Templates Console on that server may be used. -
Active Directory module for Windows PowerShell
This feature needs to be installed on the gateway server if you plan to synchronize user and group accounts from the local forest
An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. to the managed forest. For more information, see Create or Identify Accounts for Synchronization (Optional).If you've opted to separate the roles for the gateway and sync services onto separate machines, only the sync service machine needs the Active Directory module for Windows PowerShell.
If you will be implementing clustering, this needs to be installed on all nodes in the cluster.
Install RSAT using PowerShell
Note that it is possible to install the RSAT features using PowerShell rather than the below-referenced GUI-based installation method. The correct PowerShell command for this is:
Output from this command will look something like the following, which shows one feature installed and the other (Active Directory module for Windows PowerShell) not installed.
Figure 687: Use Get-WindowsFeature to Determine if the RSAT Features are Installed
Install RSAT in the Roles and Features Wizard
Install the necessary RSAT features on the Keyfactor Cloud Gateway as follows:
- Log on to the Keyfactor Cloud Gateway as an administrative user.
- Open Server Manager and select Add roles and features.
- On the Add Roles and Features Wizard Before you Begin page, click Next.
- On the Installation Type page, verify that the Role-based or feature-based installation option is selected and click Next.
- On the Server Selection page, verify that the Select a server from the server pool option is selected and that the appropriate server name is highlighted in the Server Pool panel. Click Next.
- On the Server Roles page, click Next (no roles are being changed).
-
On the Features page, scroll down in the Features window to locate and expand Remote Server Administration Tools->Role Administration Tools. Locate and expand Remote Server Administration Tools->Role Administration Tools-> Active Directory Certificate Services Tools and then check the Certification Authority Management Tools box.
If you're planning to use the account synchronization option, locate and expand Remote Server Administration Tools->Role Administration Tools-> AD DS and AD LDS Tools and then check the Active Directory module for Windows PowerShell box.
Click Next.
Figure 688: Install the Remote Server Administration Tools
- On the Confirmation page, click Install.
- When the installation is complete, click Close.
Was this page helpful? Provide Feedback