• Status: Solved

Installing Active Directory Certificate Services on Windows 2008 R2

Hi Experts,

I would like to install Lync Server 2010 on one of my servers. As a prerequisite, I need to have a certificate authority installed on my domain.
I currently have:
1 2003 server with SQL installed
1 2003 server with DNS / AD / Exchange installed
1 2008 R2 server with DNS / DHCP / AD

My question is regarding my domain: if I install the role "Active Directory Certificate Services" on my domain controller, on my Windows 2008 AD, is it gonna change anything for my users who are currently connected? And what about Exchange, is it gonna stop working until a certificate is installed in it?

I am very unfamiliar with certificates, so I am not sure what the impact is after this role is installed.
Can someone clarify that?

This is what I understand about certificates: when a client and a server are accessing each other, if the certificate is not the same on both sides then they won't communicate.
Thank you.
3 Solutions
Will Szymkowski, Senior Solution Architect, Commented:
If you are not familiar with ADCS, I would definitely spend some time reading the below TechNet. ADCS is an animal in itself, and depending on the steps and integration, a lot of time might be required to set it up properly.


Another thing to note is that it is not recommended to install ADCS on a domain controller or Exchange server. You will want to install this on another member server in your environment.

Hope this helps!

ADCS can be installed on a member server or on a stand-alone server. Here is the Certificate Services best practices

taverny, Author, Commented:
Thank you for your response. I do have a tutorial on how to install it; my question is regarding my users currently connected to the domain. Do I need to add a user certificate to all the computers connected to the domain after the role is installed? And also my other AD, will it not work until I install a certificate on it, or is everything still gonna work and the certificate can be used for the server/application I choose?

I am following this video on YouTube to install the certificate required for my Lync server:
At 2:30 min, this is where he talks about the certificate.

You will be installing ADCS on the domain controller with enterprise installation mode. Also, later in the configuration of the topology you can add additional domains; this way you don't have to worry about the certificate for the local and other domains as long as you have trust between them.

taverny, Author, Commented:
I finally installed the certificate server on my domain controller and generated a certificate for my Lync server, and everything seems to be fine. Thank you for your help.
