Building an Exchange 2013 LAB Environment using Windows Server 2012 from scratch – Part 3: Active Directory Domain Controller: CA Installation…

In the previous two parts of this series I took you through building a Windows 2012 server on Hyper-V Server and then in the second part took you through the process of installing Active Directory Domain Services.

For reference these two posts are here and here.

In this part of the series I would like to take you through the process of installing and configuring Microsoft Active Directory Certificate Services on your domain controller. By then end of this article; our test lab will be one fourth complete – and looks like the following schematic:


You might be thinking – Andy, why are we installing this? Well the answer is simple: in our end Exchange 2013 test lab we are going want some SSL certificates generated for the OWA and Autodiscover services, rather than the self signed ones that are assigned after Exchange setup. Within the domain environment that we create; any SSL certificates that are generated from the Enterprise Root CA will be automatically trusted by the Exchange Servers and clients within that domain.

This means that we can generate as many certificates with as many Subject Alternative Names (SAN’s) as we like, without having to invest in any commercial certificates. If you should wish to install commercial certificates, you can skip this part and move onto part 4 when it is released.

Installing the Enterprise Root CAS

Rather than screenshot the entire process of configuring Active Directory Certificate Services – I thought that it would be easier to put together a quick video overview which is located below. Follow the steps outlined in the video overview customising them where needed to suit your own needs.

Within the video there is a Powershell script which is used to install the Certificate Service binaries – this is located here for download:

[ Install Active Directory Certificate Services Script – 1.1 KB ]

If you intend to use this script – you will need to follow the guide that I posted here which explains how you can execute PS1 files from the Internet by modifying PowerShell’s execution policy.

Installing a Windows 2012 Enterprise Root CA

In the next part

I will cover the build of you Exchange 2013 Servers on Windows 2012 and explain the various prerequisites that you will need for a successful install.


    1. Alex – sorry for the delay in responding. Not too sure at the moment. I had originally planned for five to six parts – but there might be more, or less – it depends on if I feel that I have covered the subject to an adequate degree. Plus there might be further ideas from readers that I may include. Cheers

    1. Peter, thank you for your comment. I am currently working on the subsequent parts to the series. As you can imagine I want them to be “just right” so it does take a little time. There should be another part released this weekend.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.