Re: Enroll smart cards for different domain

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 09/18/03


Date: Wed, 17 Sep 2003 16:24:33 -0700


Yes, this is supported as long as both domains are in the same forest. What
is failing?

Make sure both CAs can issue the same template.

Best Practices:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Hans Walder" <hans.walder@pointag.net> wrote in message
news:%23YuQudTfDHA.556@TK2MSFTNGP11.phx.gbl...
> By the way, we are using Windows Server 2003 Native Mode and Windows XP
> Professional Workstation.
>
> Thanks to all,
> Hans
>
> "Hans Walder" <hans.walder@pointag.net> wrote in message
> news:50fd01c37d1d$590db520$a501280a@phx.gbl...
> > Hi everyone,
> >
> > We have the following test environment:
> >
> > Domain A
> > - Domain Controller
> > - Enterprise Certificate Authority (member of domain A)
> >
> > Domain B
> > - Domain Controller
> >
> > And both domains trust each other.
> >
> > I can enroll smart cards for users from domain A.
> >
> > But is it also possible to do it for users from domain B?
> > Or do we have to have our own CA for each domain?
> >
> > Small Hint: When I create a folder and want to add a user
> > to the security tab I can choose users from both domains
> > but if I enroll a smart card I can only choose them from
> > domain A.
> >
> > Is this because the CA is only trusted to Domain
> > Controller A but not to Domain Controller B?
> >
> > Does anyone have any experience with that?
> >
> > Thank you all,
> > Hans
> >
> >
>
>

