We have a Single Domain, Single Forest environment..Hmm..well basically two domain for the top level domain is empty (domain.local) and all objects exists into the single child domain (my.domain.local). The current domain level is Windows 2003 R2 native.
I need to install OCS 2007 and RMS services for which I was planning to use Windows 2008 inbuilt certificate services and emulate an internal PKI.
What's involved? I have three maor site locations / offices and each office has a copy of root and domain controllers. All site locations have their set of objects represented within an OU structure within the AD.
I have read a bit of setting up a PKI structure. A root CA and underlying CA's but I need to get a bit more clarity on that design within my current AD structure.
Would someone who has been there and done that. Throw some more light into this aspect and pass me over some helpful links, even if they be borne of 'google' search'. :)