This probably seems like a bonehead question. I am about to upgrade from Server 2003 to Server 2008 active directory and am clearing out a couple of Event Viewer errors. One is ID 13, Autoenrollment. Apparently I am lacking the CERTSVC_DCOM_ACCESS security group. We have a third party certificate for our Exchange server. Can I finesse this simply by installing Certificate Services and making sure this security group is created? And adding the DCs, of course. Or will this engender some configuration headaches that might interfere with our 3rd party certificate?