Enroll smart cards for different domain

From: Hans Walder (hans.walder_at_pointag.net)
Date: 09/17/03 

Date: Wed, 17 Sep 2003 06:12:29 -0700

Hi everyone,

We have the following test enviroment:

Domain A
- Domain Controller
- Enterprise Certificate Authority (member of domain A)

Domain B
- Domain Controller

And both domains trust each other.

I can enroll smart cards for users from domain A.

But is it also possible to do it for users from domain B?
Or do we have to have our own CA for each domain?

Small Hint: When I create a folder and want to add a user
to the security tab I can choose users from both domains
but if I enroll a smart card I can only choose them from
domain A.

Is this because the CA is only trusted to Domain
Controller A but not do Domain Controller B?

Does someone have any experiences on that?

Thank you all,
Hans

Relevant Pages

  • Re: Enroll smart cards for different domain
    ... > "Hans Walder" wrote in message ... >> - Domain Controller ... >> I can enroll smart cards for users from domain A. ...
    (microsoft.public.windows.server.security)
  • Re: Enroll smart cards for different domain
    ... we are using Windows Server 2003 Native Mode and Windows XP ... > - Domain Controller ... > I can enroll smart cards for users from domain A. ...
    (microsoft.public.windows.server.security)
  • Re: Smartcard logon and certification authority
    ... If the CA is not your domain controller and the CRLs are current there ... smart cards also] and the user account or security policy does not require ... > I have activated the logon to domain by smartcard. ... > SmartCardLogon don't work but normal logon work? ...
    (microsoft.public.windows.server.security)