Hello
From a remote Win2k8 R2 server to a Win2k8 R2 server
I am using Get-ADUser just fine to my AD service using unencrypted port 389 (credential settings are fine).
When I try to use port 636 and the parameter "-AuthType Basic" I get an error:
.......chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the "certificateValidationMode"..........
This is a self-signed certificate generated on the AD server using "Role: Active Directory Certificate Services" and works fine for other applications like "Apache LDAP Directory browser" (trust ignored), "Softerra" (trust ignored) and even a Cisco "Call Manager Appliance" (.cer installed).
Regarding the Certificate - The "Issued to:", "Issued by:", FQDN installed on DNS, AND is used in the Get-ADUser call. (Get-ADUser -AuthType basic -server fqdn.dom.com:636 ........)
I have installed the cert into the Root CA and the intermediate CA, both on the client machine. Used click on file and install, used MMC Certificates snap-in -> local computer. I can see it in the "Trusted Root Certification Authorities" folder.
PowerShell 3.0 -> (Just upgraded since I first tried PS 2.0 as well)
How do I use "Get-ADUser" and specify to ignore the Root Trust? (i.e. certificateValidationMode = none)
Thank you.