Enabling email encryption between 2 forests, and moving existing CA database from Forest A to Forest B
Posted on 2008-06-10
Hi, I wonder if someone has done it and can advise on the best way of doing it.
We are currently in the process of merging two forests into one and 2 Exchange organisations into one. I am using ADMT v3 to move AD objects and that works fine. I am using exmerge to move mail between the Exchange organisations, and that is fine too.
My question is how do I enable email encryption between the forests during the course of the merge?
Also how do I enable users that have been migrated over to still be able to access their old encrypted emails?
Do I have to transfer the whole CA database once the merge is fully completed?
I have been looking to find a good document on the web for this, but could not find any.
I am aware of the method where you copy the public certificate between the 2 forests, and then, using adsiedit.msc, export each user's certificate attribute and copy it over to the other forest. To me, that being the most efficient way sounds difficult to believe.