I have a new forest trust between two Windows Server 2003 servers, Forest A and Forest B. My Enterprise Root CA is installed in Forest A. Autoenrollment for computers with GPO is configured and is working in Forest A.
Now I need to autoenroll computer certificates in Forest B. How do I do this?
On TechNet I found information on how to publish certificates in a foreign AD by running the following command:
certutil -setreg CA\AlternatePublishDomains
Here is the link I found it on: http://technet.microsoft.com/en-us/library/cc786746.aspx
Is this the right thing for me to do?
Then what's next? Do I need to give permission on the Win2003 Server in Forest B to be able to distribute new certificates in Forest B? Do I need a CA installed on that machine, or does it get all information from Forest A?