|Subject:||Enterprise CA placement|
|Posted by:||study (stu…@discussions.microsoft.com)|
|Date:||Fri, 26 Jun 2009|
We currently have a single 2003 active directory forest with one root empty
domain and 2 child domains.
We are going to create an offline standalone root CA (on a workgroup server)
then one issuing Enterprise CA (on a DC).
My question is,
1. which domain should we install the Enterprise CA on?
The issuing CA would be servicing all 3 domains. Can we install on one of
the child domain DCs or does it need to be on the root domain DC?
2. if we install 2 issuing CAs by installing CA on 2 different DCs, does it
provide redundancy in case one fails?