We have a root domain and a sub domain which is not a child of root. Since we are going to 2008 native mode, we want to go from root.something.com to just something.com as our root, this will make our ad.something.com sub domain a child of root. Originally we never intended to have root.something.com it was sorta done that way in error, and we just lived with it. Our two issuing CAs live in ad.something.com but I know the templates and other certificate related information lives in the root. Will collapsing the root effect our certificate services environment? root.something.com ==> something.com ad.something.com - will stay the same

This will not affect your CA infrastructure as they reside in ad.something.com. As long as the domain controllers in ad.something is untouched, your ca don't need any modification. If your CAs are standalone, they are not at all affected by any change in the domain.

We have a root domain and a sub domain which is not a child of root. Since we are going to 2008 native mode, we want to go from root.something.com to just something.com as our root, this will make our ad.something.com sub domain a child of root. Originally we never intended to have root.something.com it was sorta done that way in error, and we just lived with it. Our two issuing CAs live in ad.something.com but I know the templates and other certificate related information lives in the root. Will collapsing the root effect our certificate services environment? root.something.com ==> something.com ad.something.com - will stay the same What exactly do you mean by "collapsing our AD"? It is kind of hard to tell from your description but I'm guessing that what you're actually planning on doing is to rename your forest root domain. FWIW certificate template information does not live in the forest root domain, it exists in the configuration naming context which is a container in AD that is replicated to all domains in the forest. The only real issue that you may experience is if your AIA and or CDP urls currently point to a location in root.something.com. As always, any significant change like this should be tested in a non-production environment first, and you should have a good recovery plan in place. Paul Adare CTO IdentIT Inc. ILM MVP