Prev Question
Next Question

Your network contains an Active Directory domain named The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is the enterprise root certification authority (CA) for
You need to enable CA role separation on Server1.
Which tool should you use?

A. The Certutil command

B. The Authorization Manager console

C. The Certsrv command

D. The Certificates snap-in

To enable role separation
Open Command Prompt.
certutil -setreg ca\RoleSeparationEnabled 1
Reference: Enable role separation

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *