I have a Windows domain that is in the process of being upgraded. The Native Functionality of the domain is Windows 2003. We are in the process of decommissioning the Windows 2003 servers, and the 2003 DC is currently the domain Enterprise CA ROOT.
I have added a Windows 2012 server to the domain and promoted it. I have added Certificate Services, and all of the associated ROLE services, and now I'm ready to configure the ROOT CA. I am unsure of how to proceed...
- Should I install this new 2012 DC as a ROOT CA?
- Since there is already a Windows 2003 DC that is a ROOT CA, how do I handle this? I do not have any GPO's that use auto-enrollment or certificate based remote access.
My intention of use is to start using auto-enrollment for wireless devices to auto-connect to a Cisco based WIFI controller, and for remote access.