Guide to Cross-forest Certificate Enrollment with Windows Server 2008 R2 Beta

This paper explains how cross-forest certificate enrollment works. It also provides deployment guidance for cross-forest certificate enrollment in new and existing Active Directory Certificate Services (AD CS) deployments. Windows Server 2008 R2 Beta enables enterprise Certification Authorities (CA) to issue digital certificates to clients that are members of a different Active Directory (AD) forest. This […]

This paper explains how cross-forest certificate enrollment works. It also provides deployment guidance for cross-forest certificate enrollment in new and existing Active Directory Certificate Services (AD CS) deployments.

Windows Server 2008 R2 Beta enables enterprise Certification Authorities (CA) to issue digital certificates to clients that are members of a different Active Directory (AD) forest. This process is called cross-forest certificate enrollment. This paper explains how cross-forest certificate enrollment works. It provides deployment guidance for cross-forest certificate enrollment in new and existing Active Directory Certificate Services (AD CS) deployments. It provides strategies for consolidating existing certificate templates and presents choices for ongoing management of a cross-forest certificates deployment. A PowerShell script is provided to facilitate management tasks related to setting up and maintaining cross-forest certificate enrollment environments.

Download