Thanks in advance for any assistance.
I have a Forest with multiple Active Directory domains, one domain for each geographical region I serve plus a root Domain. I have a CA in the Forest root Domain. I have subordinate CA in one of my regions.
How can I limit usage so the the regional subordinate CA only provides certificate services to that one region and does not issue certificates to other regional domains?
Presently occasionally a certificate is issued to an unintended region from my subordinate CA. It causes issues, because firewalls between my regions and bandwidth availability cause complexities. I want everyone to use the root CA, except the one region having a subordinate can use the subordinate.
Thanks for your help!
David
just david