Hello All,
- Thare 2 Active Directory sites in 1 domain.
- Site1 contains DC1 (domain controller), RootCA (enterprise root CA),SubCA1 (enterprise subordinate CA - issuing) and W701 Windows 7 laptop.
- Site2 contains SubCA2 (enterprise subordinate CA - issuing) andW702 Windows 7 laptop.
- SubCA1 and SubCA2 have the the identically configured template which should be issued to W701 and W702, respectively.
Question: how to configure the PKI and GPO infrastructure in order to enable the certificate autoenrollment so thatW701 would have SubCA1 (The CA in the
W701's local site) as preferred source of the certificate and
SubCA2 as a backup source of the certificate. W701 should be able to obtain the certificate fromSubCA2 if SubCA1 is unavailable.
And vice versa - W702 should have SubCA2 (The CA in the W702's local site) as preferred source of the certificate and SubCA1 as a backup
source of the certificate. W702 should be able to obtain the certificate from SubCA1 if SubCA2 is unavailable.
Thank you very much in advance!