<div>
<div class="content wysiwyg-content">
We are thinking about bringing up a CA within our organization for issuing certs to computers, &nbsp;and I have a question about Microsoft CA Service. &nbsp;We have a total of 7 AD forests in our organization and there are no trusts established among them. &nbsp;After reading through Microsoft whitepaper, it seems to me the best approch (for us) is setting up one offline standalone CA and one to two enterprise subordinate CA's for each forest in our environment. Can this work? &nbsp;Would I be able to publish the root CA's CDP and AIA and set up subordination to multiple AD forests? &nbsp; I was not able to find anything regarding how CA should be set up in a multi-forest AD environment. &nbsp;Please help.
</div>
</div>


We are thinking about bringing up a CA within our organization for issuing certs to computers,  and I have a question about Microsoft CA Service.  We have a total of 7 AD forests in our organization and there are no trusts established among them.  After reading through Microsoft whitepaper, it seems to me the best approch (for us) is setting up one offline standalone CA and one to two enterprise subordinate CA's for each forest in our environment. Can this work?  Would I be able to publish the root CA's CDP and AIA and set up subordination to multiple AD forests?   I was not able to find anything regarding how CA should be set up in a multi-forest AD environment.  Please help.

CA in a Multi-forest AD Environment

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.