From 2b5f05b5783fea2b49d261257e32e7f3a03ad79e Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Thu, 25 Mar 2021 09:21:15 -0700 Subject: [PATCH] pencil edit --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index f69acb002a..7c662edce9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -82,6 +82,7 @@ The certificate template is configured to supersede all the certificate template > [!NOTE] > A domain controller's certificate must chain to a certificate in the NTAuth store in Active Directory. By default, online "Enterprise" Active Directory Certificate Authority certificates are added to the NTAuth store at installation time. If you are using a third-party CA, this is not done by default. If the domain controller certificate does not chain to a trusted CA in the NTAuth store, user authentication will fail. +> > You can view an AD forest's NTAuth store (NTAuthCertificates) using PKIVIEW.MSC from an ADCS CA. Open PKIView.msc, then click the Action menu -> Manage AD Containers. To see all certificates in the NTAuth store, run **Certutil -viewstore -enterprise NTAuth** from the command-line interface (Cmd.exe). ### Publish Certificate Templates to a Certificate Authority