CA design Forest and subdomains

Discussion in 'Server Security' started by booster, May 19, 2009.

  1. booster

    booster Guest

    We have 1 Forest with an empty Forest Root Domain and 3 regional subdomains
    for example:

    The Active Directory structure for Fabrikam is a single forest with four
    domains: fabrikam.com, americas.fabrikam.com, europe.fabrikam.com, and
    apac.fabrikam.com.

    We create an offline Root CA.
    We implement 1 issuing/Policy CA.
    All CA Administrations are done centraly in the HQ.

    Q1) Should we place the Issuing CA for all Subdomains in the empty
    fabrikam.com, or can we place the the Issuing CA in the europe.fabrikam.com
    for all domains ?

    Q2) where do we have to publish the LDAP location? in the forest root domain
    container?

    Thanks.
     
    booster, May 19, 2009
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.