Monika-D
asked on
CA Registration in Active Directory
Hi - Can anyone help please?
We are migrating our Source Active Directory to our Target Group AD using the Quest Tools. Our exchange 2007 remains in the source Domain.
When the users logon to the target domain with their new account, they received a security alert which says “The security certificate was issued by a company you have not chosen to trust”.
When I select view certificate and point it to the source server hosting the ROOT CA, it works and the security alert disappear. The problem is I have 10,000 users to migrate on this project.
Is there a way I can register our Source Active Directory Root CA in our target Active Directory to perform a certificate-based authentication of users and computers to get rid of this security alert error message?
Many Thanks
We are migrating our Source Active Directory to our Target Group AD using the Quest Tools. Our exchange 2007 remains in the source Domain.
When the users logon to the target domain with their new account, they received a security alert which says “The security certificate was issued by a company you have not chosen to trust”.
When I select view certificate and point it to the source server hosting the ROOT CA, it works and the security alert disappear. The problem is I have 10,000 users to migrate on this project.
Is there a way I can register our Source Active Directory Root CA in our target Active Directory to perform a certificate-based authentication of users and computers to get rid of this security alert error message?
Many Thanks
ASKER
Thank you for your response. Apart from => on the Action menu, point to All Tasks, and then click Import. is there any configuration settings I need to set?
What are the the implications for multiple organisations who are migrating to a Single Domain for this settings?
Many thanks
You been to have a copy of the cert
the new domain will trust the old..you can remove the cert or just expire it prior to shutting down the old domain
the new domain will trust the old..you can remove the cert or just expire it prior to shutting down the old domain
ASKER
Thorrsson: So I can maintain the two copy of the cert in both Source Domain and the target Domain until the end of the migration correct? Would there be any issue with that?
One cert was signed by each CA correct?
Then yes you can...just keep the ild CA accessible for crl checks
Then yes you can...just keep the ild CA accessible for crl checks
ASKER
Hi,
The reason I have not closed this call was that I am in the process of testing Thornsson recommendation in our test lab before implementing it in our production environments.
I hope this is OK with you?
Many Thanks
The reason I have not closed this call was that I am in the process of testing Thornsson recommendation in our test lab before implementing it in our production environments.
I hope this is OK with you?
Many Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Thorrsson, I tested your recommendation in the lab and migrated a user and it works.
Question for you. Any impact of importing the certificate to the target domain against our exchenage which is in the source domain?:
Many thanks
Question for you. Any impact of importing the certificate to the target domain against our exchenage which is in the source domain?:
Many thanks
ASKER
Many thanks for your help
Check out this step by step
http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx