What is the best way to collect metrics on ADCS database For example, I want to know: - Number of current Issued Certificates - Number of current Revoked Certificates - Number of certificates issued in a period of time Is any MMC SnapIn or tool that collects this kind of information? thanks in advance BFC

Hello, use the enterprise PKI snap-in to obtain that. More here: http://technet.microsoft.com/en-us/library/cc732261(WS.10).aspx It will be better to ask them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator

What is the best way to collect metrics on ADCS database For example, I want to know: - Number of current Issued Certificates - Number of current Revoked Certificates - Number of certificates issued in a period of time Is any MMC SnapIn or tool that collects this kind of information?thanks in advanceBFC

Although I haven't used it, Forefront Identity Manager provides certificate management. http://technet.microsoft.com/en-us/library/ff621363(WS.10).aspx http://technet.microsoft.com/en-us/evalcenter/cc872861.aspx Paul Bergson MVP - Directory Services MCITP: Enterprise Administrator MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, Vista, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

you can use certutil with '-restrict' parameter or you can use my PowerShell PKI module: http://pspki.codeplex.com/ The following commands can be used to achieve your task: (Get-CertificationAuthority -computer ca.company.com | Get-Issued-Request).lentgth (Get-CertificationAuthority -computer ca.company.com | Get-RevokedRequest).lentgth (Get-CertificationAuthority -computer ca.company.com | Get-Issued-Request -Filter "NotBefore -ge 01.08.2011","NotBefore -le 31.08.2011").lentgth Last command will display certificates issued in august. Note that datetime format may differ depending from your regional settings.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki