I'm using Win 2k8R2 and I have a Enterprise CA as part of my forest, and an additional Subordinate CA. When I try to request certs, all requests seem to go to the Enterprise CA. Is there something simple I'm missing here? I want all requests and certs issues to come from the Sub CA.

Hello, first of all it is recommended to keep offline the root CA for security reasons. It will be better to ask in Security forum: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator

Ok, I'll post this question there. When you say, keep offline, you mean like powered off? Why is that? This is coming from a place of ignorance, but how is revocation handled if the CA is offline?

Yes, I mean powering it off. It is more secure because once powered off, no one can attack it. In this case, the attacker can attack the subordiante CA and in this case, you power on the root CA and revoke its certificate. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator