We help IT Professionals succeed at work.

CA Registration in Active Directory

Monika-D
Monika-D asked
on
Hi - Can anyone help please?

We are migrating our Source Active Directory to our Target Group AD using the Quest Tools. Our exchange 2007 remains in the source Domain.

When the users logon to the target domain with their new account, they received a security alert which says “The security certificate was issued by a company you have not chosen to trust”.

When I select view certificate and point it to the source server hosting the ROOT CA, it works and the security alert disappear.  The problem is I have 10,000 users to migrate on this project.

Is there a way I can register our Source Active Directory Root CA in our target Active Directory to perform a certificate-based authentication of users and computers to get rid of this security alert error message?

Many Thanks

Comment
Watch Question

Yup, Import the trusted root through a GPO and hand it out to all of the clients
Check out this step by step
http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

Author

Commented:

Thank you for your response. Apart from => on the Action menu, point to All Tasks, and then click Import. is there any configuration settings I need to set?

What are the the implications for multiple organisations who are migrating to a Single Domain for this settings?

Many thanks

You been to have a copy of the cert
the new domain will trust the old..you can remove the cert or just expire it prior to shutting down the old domain

Author

Commented:

Thorrsson: So I can maintain the two copy of the cert in both Source Domain and the target Domain until the end of the migration correct? Would there be any issue with that?
One cert was signed by each CA correct?
Then yes you can...just keep the ild CA accessible for crl checks

Author

Commented:
Hi,

The reason I have not closed this call was that I am in the process of testing Thornsson recommendation in our test lab before implementing it in our production environments.

I hope this is OK with you?


Many Thanks
No worries here

Author

Commented:
Hi Thorrsson, I tested your recommendation in the lab and migrated a user and it works.
 
Question for you. Any impact of importing the certificate to the target domain against our exchenage which is in the source domain?:
 

Many thanks

Author

Commented:
Many thanks for your help