Active Directory Certificate Services - Auto-Enrollment/Certificate Enrollment Policy
Hi, Consider the following scenario: One Active Directory domain in one Active Directory forest Two Active Directory sites Two Active Directory Issuing CA`s, one in each site Version 2 Computer template published on both CA`s Auto-enrollment will be used for deploying Computer certificates How can we control which CA the Auto-enrollment policy use for requesting Computer certificates? We want to control that clients in site 1 requests certificates form CA 1, and clients in site 2 requests certificates from CA 2.
April 4th, 2011 7:13am

On Mon, 4 Apr 2011 11:08:05 +0000, scripter42 wrote: How can we control which CA the Auto-enrollment policy use for requesting Computer certificates? We want to control that clients in site 1 requests certificates form CA 1, and clients in site 2 requests certificates from CA 2. The only way to accomplish this is to use two certificate templates and then adjust the DACL on each certificate template. You'll need a two groups, one for each site that contains all of the computers in the site and then assign Read, Enroll, and Autoenroll as appropriate. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Why do we want intelligent terminals when there are so many stupid users?
Free Windows Admin Tool Kit Click here and download it now
April 4th, 2011 7:28am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics