Active Directory Certificate Services | MS Dynamics CRM 2011

Before attempting to install the Active Directory Certificate Services role on a Dev/Test server (and domain member), I ran the command "certutil", which returned two servers in our organization - listing them as Authorities.

One, a former Exchange Server. The second, a soon-to-be retired credit card processing location. I would have assumed that our Domain Controllers would be the CAs, but unless I am missing something, they don’t appear to have these roles/features installed.

My question and concern is this:

If I install the Active Directory Certificate Services role on a Dev/Test server, with the Certification Authority and Certification Authority Web Enrollment services, what are the implications for the rest of the domain? And what are the implications when I want to install this same role + services on the Live/Production server after running tests on the Dev/Test?

I have followed the step-by-step video to Deploying and Configuring ADFS 2.0, as well as the video for IFD for Microsoft Dynamics CRM 2011.

It is unclear to me how installing this role (whether Standalone/Enterprise or Root CA/Subordinate CA) may or may not impact the other two CAs.

I really just want to bust through the install to begin testing, but I have a vague sense that it might create havoc in some way, domain wide.

What are the do’s and don’ts here?

The goal simply put: prepare our on-premise CRM server for Internet-facing deployment. I have done the entire process in a cloud server, totally segregated from our internal network. It was slick, easy. But I fear that I will taint the Active Directory if I just start installing roles that pertain to CA.
techgrl89 Asked:
 
Feridun Kadir, Principal Consultant, Commented:
Dynamics CRM does not require Active Directory Certificate Services. For an Internet-Facing Deployment you must install and configure Active Directory Federation Services 2.0.

The IFD deployment does require that CRM uses HTTPS and the web sites must be secured with a trusted certificate. Typically, the certificate is issued by an external company such as Thawte, GoDaddy, Verisign. However, you can use your own AD CS generated certificates, but some additional steps are required.

Or have I missed the point of your question?
 
techgrl89, Author, Commented:
Yes, that was my point. Thank you.

I have been through too many walkthroughs and was beginning to wonder what the next step should be. I will proceed with the SSL purchase for our LIVE server.

For now, I am working through the steps on the DEV servers, sans the AD CS. I had already installed AD FS 2.0 and now will go forward without worrying about an internal CA.

Again - thank you.
 
techgrl89, Author, Commented:
We have re-written an internal wiki for our company. I thank you for your help here, but there is certainly no single answer - only more questions.
 
techgrl89, Author, Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for techgrl89's comment #a38507845

for the following reason:

We have re-written an internal wiki for our company. I thank you for your help here, but there is certainly no single answer - only more questions.
 
Feridun Kadir, Principal Consultant, Commented:
Surely my comment answered your question even in part?
 
Feridun Kadir, Principal Consultant, Commented:
I recommend that the question is closed by accepting answer http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_27832026.html#a38303860
Question has a verified solution.
