Does any one know why using the following ldap url format [ldap://Servername/CN=[CDLocation],OU=[Container],DC=test,DC=com] causes the "Publish CRLs to this location" check box to be greyed out in the Certificate Services CA properties Extensions tab? Does windows certificate services only publish to locations with the format [ldap:///CN=[CDLocation]......], thus always quering the AD for the location? I can use a cross reference in the AD to allow the use of a member server based LDS instance but it only works using [[ldap:///CN=[CDLocation]......]. The problem with this is that clients don't appear to chase the referrals. Thanks

The URL is a non-writable URL. The only two that are writable to a domain member server are:1) LDAP:///etc. The computer account has the permissions to write to the specified location in the LDAP URL in the configuration naming context.2) File://\\server\share or FILE://c:\serverpath The data is written to a share or local file systemYou could write to your LDAP server, but would need to connect to a share on the file server usinga FILE://\\server\share style URLBrian

Many thanks Brian