List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

Subject: [ActiveDir] "RAS and IAS Servers" group scope: to change or not to change?

Author: gabriel/tfi

03/08/2008 10:42 PM  
When we implemented PKI we deployed CAs on the forest root domain and we had
to modify the "Certificate Publisher" group scope from Global to Domain
Local to allow CAs to publish certificates to child domains, because our
Win2003 AD was an upgrade from a Win2000 AD.

http://support.microsoft.com/kb/555183/en-us

http://support.microsoft.com/kb/281271/



Now we face a similar problem with group scope.

We would like to set up CAs in forest root domain to issue Server
Authentication certificates to Radius servers located at the child domain,
so my idea was to filter the Certificate Template by the Child Domain's "RAS
and IAS Servers" group, but unfortunately this group scope is Domain Local
and has no visibility to the forest root domain.

I temporarily created a Global Group called "Radius Servers" in the child
domain and duplicated the computer objects from the "RAS and IAS Servers",
then filtered the certificate template by this group. It works, but
duplicating is never efficient.



What is the best practice to address this problem?

I thought about changing the "RAS and IAS Servers" from Domain Local to
Global, but I am not sure it is a good solution.



Thank you in advance - Gabriele.
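
The workaround described in the post (a Global "Radius Servers" group mirroring the computer accounts in "RAS and IAS Servers") can be kept in step with a scheduled job, so that a server removed from the built-in group also loses its place in the group the certificate template is filtered by. The following is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is available, and the function name `Sync-ShadowGroup` and the domain name `child.example.com` are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory

function Sync-ShadowGroup {   # hypothetical helper name, not a built-in cmdlet
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Server,          # child-domain DNS name or DC
        [string] $SourceGroup = 'RAS and IAS Servers',    # Domain Local group from the post
        [string] $TargetGroup = 'Radius Servers'          # Global group from the post
    )

    # Desired state: only the computer accounts in the source group.
    $want = @(Get-ADGroupMember -Identity $SourceGroup -Server $Server |
              Where-Object { $_.objectClass -eq 'computer' } |
              ForEach-Object { $_.distinguishedName })

    # Current state of the Global group used on the certificate template ACL.
    $have = @(Get-ADGroupMember -Identity $TargetGroup -Server $Server |
              ForEach-Object { $_.distinguishedName })

    $add    = @($want | Where-Object { $have -notcontains $_ })
    # Anything in the target that is not a source computer is stale and is removed,
    # otherwise it would keep its access to the template.
    $remove = @($have | Where-Object { $want -notcontains $_ })

    foreach ($dn in $add) {
        if ($PSCmdlet.ShouldProcess($dn, "Add to '$TargetGroup'")) {
            Add-ADGroupMember -Identity $TargetGroup -Members $dn -Server $Server
        }
    }
    foreach ($dn in $remove) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove from '$TargetGroup'")) {
            Remove-ADGroupMember -Identity $TargetGroup -Members $dn `
                -Server $Server -Confirm:$false
        }
    }

    # Return the delta so a scheduled run can log or alert on membership changes.
    [pscustomobject]@{ Added = $add; Removed = $remove }
}

# Dry run against the placeholder child domain: reports changes, makes none.
Sync-ShadowGroup -Server 'child.example.com' -WhatIf
```

Run it without `-WhatIf` only after reviewing the reported delta, since any account listed under `Removed` will lose membership in the group the template is filtered by.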


Copyright 2009 ActiveDir.org