We currently have a root domain and two child domains. Each domain has two domain controllers running Windows 2003 Server Standard Edition. We want to install Certificate Services and allow both users and computers in the child domains to automatically.
My plan is to install a root CA on one of the DCs in the root domain and then install a sub-ordinate/issuing CA on a DC in each of the child domains. As I understand it, in order for the sub-ordinate/issuing CAs to do auto-enrolment, they must be running Windows Server Enterprise edition. That's fair enough, I can get away with re-building one of the DCs without too much bother.
My question is, does the Root CA also have to be running Enterprise Edition. As I understand it, it is only going to need to issue two certificates, one to each of the sub-ordinates in the two child domains, so I can do that manually. Will this affect the sub-ordinate CAs ability to perform auto-enrolment?
I understand that the CA must be installed on a