From d38f558f44b1e687bb95c6316a426dd33caa8b6f Mon Sep 17 00:00:00 2001 From: Florin Belea <125971508+florinbelea@users.noreply.github.com> Date: Fri, 28 Feb 2025 10:26:21 +0200 Subject: [PATCH 1/3] Update configure-trusted-roots-disallowed-certificates.md Added following note fpr the Certutil -SyncWithWU command > [!NOTE] >Certutil -SyncWithWU -f updates existing files in the target folder. Certutil -syncWithWU -f -f removes and replaces files in the target folder. --- .../ad-cs/configure-trusted-roots-disallowed-certificates.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md b/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md index cb49a2d918..ce7fbf06c6 100644 --- a/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md +++ b/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md @@ -109,6 +109,8 @@ mechanism. ```powershell Certutil -syncWithWU \\\ ``` + > [!NOTE] + > Certutil -SyncWithWU -f updates existing files in the target folder. Certutil -syncWithWU -f -f removes and replaces files in the target folder. Substitute the actual server name for `` and shared folder name for `` For example, for a server named `Server1` with a shared folder named CTL, you'd run the command: From e6c7c47c89c2c5f587f66441ef82896a47d02b48 Mon Sep 17 00:00:00 2001 From: Florin Belea <125971508+florinbelea@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:24:16 +0200 Subject: [PATCH 2/3] Change NOTE to TIP in documentation --- .../ad-cs/configure-trusted-roots-disallowed-certificates.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md b/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md index ce7fbf06c6..191dda1e78 100644 --- a/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md +++ b/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md @@ -109,8 +109,9 @@ mechanism. ```powershell Certutil -syncWithWU \\\ ``` - > [!NOTE] - > Certutil -SyncWithWU -f updates existing files in the target folder. Certutil -syncWithWU -f -f removes and replaces files in the target folder. + > [!TIP] + > + > Certutil -SyncWithWU -f updates existing files in the target folder. Certutil -syncWithWU -f -f removes and replaces files in the target folder. Substitute the actual server name for `` and shared folder name for `` For example, for a server named `Server1` with a shared folder named CTL, you'd run the command: From 4d825705c884350b573dbd521a59d0bb38b5cf22 Mon Sep 17 00:00:00 2001 From: Florin Belea <125971508+florinbelea@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:56:32 +0200 Subject: [PATCH 3/3] Add -f flag to Certutil command Add -f flag to Certutil command by default to avoid confusion to customers --- .../ad-cs/configure-trusted-roots-disallowed-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md b/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md index 191dda1e78..6ccddc10ab 100644 --- a/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md +++ b/WindowsServerDocs/identity/ad-cs/configure-trusted-roots-disallowed-certificates.md @@ -107,7 +107,7 @@ mechanism. 1. From an elevated PowerShell prompt, run the following command: ```powershell - Certutil -syncWithWU \\\ + Certutil -f -f -syncWithWU \\\ ``` > [!TIP] > @@ -117,7 +117,7 @@ mechanism. example, for a server named `Server1` with a shared folder named CTL, you'd run the command: ```powershell - Certutil -syncWithWU \\Server1\CTL + Certutil -f -f -syncWithWU \\Server1\CTL ``` 1. Download the CTL files on a server that computers on a disconnected environment can access over