• Status: Solved

Active Directory Certificate Services | MS Dynamics CRM 2011

Before attempting to install Active Directory Certificate Services role on a Dev/Test server (and domain member), I ran the command "certutil", which returned two servers in our organization - listing them as Authorities.

One, a former Exchange Server. The second a soon-to-be retired credit card processing location. I would have assumed that our Domain Controllers would be the CA’s, but unless I am missing something, they don’t appear to have these roles/features installed.

My question and concern is this:

If I install Active Directory Certificate Services role on a Dev/Test server, with the Certification Authority and Certification Authority Web Enrollment services, what are the implications for the rest of the domain? And what are the implications when I want to install this same role + services on the Live/Production server after running tests on the Dev/Test?

I have followed the step-by-step video to Deploying and Configuring ADFS 2.0, as well as the video for IFD for Microsoft Dynamics CRM 2011.

It is unclear to me how installing this role (whether Standalone/Enterprise or Root CA/Subordinate CA) may or may not impact the other two CAs.

I really just want to bust through the install to begin testing, but I have a vague sense that it might create havoc in some way, domain wide.

What are the do’s and don’ts here?

The goal simply put: prepare our on-premise CRM server for Internet-facing deployment. I have done the entire process in a cloud server, totally segregated from our internal network. It was slick, easy. But I fear that I will taint the Active Directory if I just start installing roles that pertain to CA.

Asked by: techgrl89

1 Solution

Feridun Kadir (Principal Consultant) Commented:
Dynamics CRM does not require Active Directory Certificate Services. For an Internet-Facing Deployment you must install and configure Active Directory Federation Services 2.0.

The IFD deployment does require that CRM uses https and the web sites must be secured with a trusted certificate. Typically, the certificate is issued by an external company such as Thawte, GoDaddy, Verisign. However, you can use your own AD CS generated certificates but some additional steps are required.

Or have I missed the point of your question?

techgrl89 (Author) Commented:
Yes, that was my point. Thank you.

I have been through too many walk-thru's and was beginning to wonder what the next step should be. I will proceed with the SSL purchase for our LIVE server.

For now, I am working through the steps on the DEV servers, sans the AD CS. I had already installed AD FS 2.0 and now will go forward without worrying about an internal CA.

Again - thank you.

techgrl89 (Author) Commented:
We have re-written an internal wiki for our company. I thank you for your help here, but there is certainly no single answer - only more questions.

techgrl89 (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for techgrl89's comment #a38507845

for the following reason:

We have re-written an internal wiki for our company. I thank you for your help here, but there is certainly no single answer - only more questions.

Feridun Kadir (Principal Consultant) Commented:
Surely my comment answered your question even in part?

Feridun Kadir (Principal Consultant) Commented:
I recommend that the question is closed by accepting answer http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_27832026.html#a38303860