AD CS is Microsoft’s PKI implementation that provides everything from encrypting file systems, to digital signatures, to user authentication (a large focus of our research), and more. While AD CS is not installed by default for Active Directory environments, from our experience in enterprise environments it is widely deployed, and the security ramifications of misconfigured certificate service instances are enormous. (specterops.io)
PKI (Public Key Infrastructure) — a system to manage certificates/public key encryption AD CS (Active Directory Certificate Services) — Microsoft’s PKI implementation CA (Certificate Authority) — PKI server that issues certificates Enterprise CA — CA integrated with AD (as opposed to a standalone CA), offers certificate templates Certificate Template — a collection of settings and policies that defines the contents of a certificate issued by an enterprise CA CSR (Certificate Signing Request) — a message sent to a CA to request a signed certificate EKU (Extended/Enhanced Key Usage) — one or more object identifiers (OIDs) that define how a certificate can be used
rpc net group members "Cert Publishers" -U "DOMAIN"/"User"%"Password" -S "DomainController"
net group "Cert Publishers" /domain
pKIEnrollmentService
objects-scheme
flag can be used to set whether to use LDAP or LDAPS.