CA design Forest and subdomains

Discussion in 'Server Security' started by booster, May 19, 2009.

  1. booster

    booster Guest

    We have 1 Forest with an empty Forest Root Domain and 3 regional subdomains
    for example:

    The Active Directory structure for Fabrikam is a single forest with four
    domains:,,, and

    We create an offline Root CA.
    We implement 1 issuing/Policy CA.
    All CA Administrations are done centraly in the HQ.

    Q1) Should we place the Issuing CA for all Subdomains in the empty, or can we place the the Issuing CA in the
    for all domains ?

    Q2) where do we have to publish the LDAP location? in the forest root domain

    booster, May 19, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.