Hey everyone, I heard that Microsoft is rolling out some strong certificate mapping changes in September. I'm currently running all my domain controllers on Windows Server 2016. Could this update impact me or any certificates that I've deployed through Intune? Would appreciate any insights!
4 Answers
I found a guide that explains the change, and it mentions that it's only supported for KDCs running on Windows Server 2019 or later. So if you're on 2016, it sounds like you could potentially face some issues with this update. Definitely worth looking into!
It's hard to say without more details, but generally speaking, changes like these can have varying impacts depending on your setup. You might want to keep an eye on the specifics of the update.
If you're using a certificate template with the 'Automatic SID OID Extension' setting and leveraging 'Build from AD info' in the Subject Name tab, you should be okay. This should embed the necessary SID into the certificate, but double-check the event IDs from the article to be safe!
Yeah, definitely keep track of those event IDs mentioned. They can help monitor how the changes are impacting your setup. Keeping everything updated would be key to avoiding issues in the future!
I checked the article, and it specifically states that this applies to Windows Server 2019 KDCs. So it seems like my Domain Controllers might be affected after all.
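The check suggested in the answer about the 'Automatic SID OID Extension' setting, as an added example that is not part of the original thread: it reports which certificates in the local stores carry a SID. It assumes the SID extension OID `1.3.6.1.4.1.311.25.2` and the `tag:microsoft.com,2022-09-14:sid:` SAN URI form documented by Microsoft; the function name and output fields are hypothetical.

```powershell
# Added example: report whether local certificates carry a SID usable for
# strong certificate mapping. Function and property names are hypothetical.

# OID of the SID security extension written by AD CS (szOID_NTDS_CA_SECURITY_EXT).
$SidExtensionOid = '1.3.6.1.4.1.311.25.2'
$SanOid          = '2.5.29.17'
# SAN URI form that carries the SID when the extension is absent (assumed
# here to cover certificates delivered through Intune SCEP/PKCS profiles).
$SidSanPattern   = 'tag:microsoft\.com,2022-09-14:sid:(S-1-[0-9-]+)'

function Get-CertSidMapping {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    process {
        $hasExt = $false
        $sanSid = $null
        foreach ($ext in $Certificate.Extensions) {
            if ($ext.Oid.Value -eq $SidExtensionOid) { $hasExt = $true }
            if ($ext.Oid.Value -eq $SanOid) {
                # Format($false) renders all SAN entries on a single line.
                $san = $ext.Format($false)
                if ($san -match $SidSanPattern) { $sanSid = $Matches[1] }
            }
        }
        [pscustomobject]@{
            Subject         = $Certificate.Subject
            Thumbprint      = $Certificate.Thumbprint
            NotAfter        = $Certificate.NotAfter
            HasSidExtension = $hasExt
            SanSid          = $sanSid
            CarriesSid      = ($hasExt -or [bool]$sanSid)
        }
    }
}

# Inspect certificates with a private key in the user and machine stores;
# entries with CarriesSid = False sort first and are the ones to reissue.
Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    Get-CertSidMapping |
    Sort-Object CarriesSid |
    Format-Table -AutoSize
```

A certificate that carries a SID can still be rejected if that SID does not match the account it authenticates as, so the event IDs from the article remain the authoritative signal on the domain controllers.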