We have 1 forest with an empty forest root domain and 3 regional subdomains,
for example:
The Active Directory structure for Fabrikam is a single forest with four
domains: fabrikam.com, americas.fabrikam.com, europe.fabrikam.com, and
apac.fabrikam.com.
We create an offline Root CA.
We implement 1 issuing/Policy CA.
All CA administration is done centrally in the HQ.
Q1) Should we place the Issuing CA for all subdomains in the empty
fabrikam.com, or can we place the Issuing CA in europe.fabrikam.com
for all domains?
Q2) Where do we have to publish the LDAP location? In the forest root domain
container?
Thanks.