to renew:
open the certification authority mmc and right-click the CA object and choose All Tasks->Renew CA Certificate…

to publish to Certification Authorities Container in AD:
certutil -f -dspublish rootca.cer RootCA

to publish to NTAuthCertificates in AD:
certutil -f dspublish rootca.cer NTAuthCA

use the pkiview.msc to easily check the status of the AD containers:
once pkiview is open, right-click Enterprise PKI and choose Manage AD Containers…

useful directory on CA:
c:\windows\system32\certsrv\certenroll

source:
http://blogs.technet.com/b/pki/archive/2011/02/28/quick-check-on-adcs-health-using-enterprise-pki-tool-pkiview.aspx

Comments are closed.