Hi, What does Cross-Forest Certificates require: FFL/DFL requirements? Who can request a Certificate: What should the Windows OS version be (Requester)? 2008 R2? The Client OS Version? Windows 7 (Requester) ? Is there any dependencies to other forest-domain FFL/DDL?

All the details and minimum requirements are in the whitepaper http://technet.microsoft.com/en-us/library/ff955845%28WS.10%29.aspx - Two-way forest transitive trust is required - replication of key containers within the Configuration naming context required to account forest from resource forest - Ldap referrals must be enabled on the CA - CA must be running Server 2008 R2 - Client must be running Windows XP SP3 or higher - Selective trust can be used, but all accounts that require certificates (users and computers) must be enabled for cross-forest trust Brian

Hi Brian, But what does it require for DFL or FFL!? Thanks :)

To achieve cross-forest trust, you need a Windows Server 2003 FFL. I would recommend the same for the domain If you are running higher, that is fine too Brian

But i need to have a microsoft references that exactly show what the DFL and FFL should be!!

sigh... Look at the cross-forest requirements in the paper and then look at the DFL and FFL levels required to enable cross-forest enrollment, and then you have my answer. The papers for cross-forest enrollment do not address DFL and FFL directly. Windows 2003 FFL meets the requirements. If you are unsure, please move to Windows SErver 2008 R2 DFL and FFL. Brian

I totally agree the papers does not address that anywhere :(