Re: Enroll smart cards for different domain

From: Hans Walder (hans.walder_at_pointag.net)
Date: 09/18/03 

Date: Thu, 18 Sep 2003 10:11:21 +0300

Hello David,

thank you again for your answer.

Each of our domain belongs to one school and each domain is in its own
forest :(.

Students from School A will also come to School B.

But School A is only going to use smart card logon (at the moment) but
students
from School B should also be able to logon to our computers (with smart
cards -
because the smart card also contains several other services, i.e.
printing,...).

We have raised all domains to Native Mode and they trust each other.

Would it work if we also raise the Forest to Native Mode and make a trust
between the Forests?

Thank you everyone for any idea.
Best regards,
Hans

"David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:eB8YbLXfDHA.128@tk2msftngp13.phx.gbl...
> yes this is supported as long as both domains are in the same forest, what
> is failing?
>
> make sure both CAs can issue the same template.
>
> Best Practices:
>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp
>
>
> --
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> http://support.microsoft.com
>
> "Hans Walder" <hans.walder@pointag.net> wrote in message
> news:%23YuQudTfDHA.556@TK2MSFTNGP11.phx.gbl...
> > By the way, we are using Windows Server 2003 Native Mode and Windows XP
> > Professional Workstation.
> >
> > Thanks to all,
> > Hans
> >
> > "Hans Walder" <hans.walder@pointag.net> wrote in message
> > news:50fd01c37d1d$590db520$a501280a@phx.gbl...
> > > Hi everyone,
> > >
> > > We have the following test enviroment:
> > >
> > > Domain A
> > > - Domain Controller
> > > - Enterprise Certificate Authority (member of domain A)
> > >
> > > Domain B
> > > - Domain Controller
> > >
> > > And both domains trust each other.
> > >
> > > I can enroll smart cards for users from domain A.
> > >
> > > But is it also possible to do it for users from domain B?
> > > Or do we have to have our own CA for each domain?
> > >
> > > Small Hint: When I create a folder and want to add a user
> > > to the security tab I can choose users from both domains
> > > but if I enroll a smart card I can only choose them from
> > > domain A.
> > >
> > > Is this because the CA is only trusted to Domain
> > > Controller A but not do Domain Controller B?
> > >
> > > Does someone have any experiences on that?
> > >
> > > Thank you all,
> > > Hans
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: A personal story
    ... quickly ignore his posts. ... Every time you call him Forest, despite your best attempts at denial due ... a school for the mentally challenged. ... Mr Pot, meet Mr Kettle. ...
    (uk.sport.football.clubs.celtic)
  • Re: Enroll smart cards for different domain
    ... No, I am sorry, a CA may only support one forest currently based on its ... > Students from School A will also come to School B. ... > because the smart card also contains several other services, ...
    (microsoft.public.windows.server.security)
  • Re: ATWT -- Tuesdays Show
    ... I'm glad to know I'm not the only one who thought the sex in the woods ... I knew a young woman who was two years behind me in high school and I ... Indeed, I've lived in some seedy neighborhoods over the years, but the only place I've ever seen someone put a needle in their arm was in the girl's room at Lake Forest Academy. ...
    (rec.arts.tv.soaps.cbs)
  • Re: Enroll smart cards for different domain
    ... > No, I am sorry, a CA may only support one forest currently based on its ... >> Students from School A will also come to School B. ... >> We have raised all domains to Native Mode and they trust each other. ... >> Best regards, ...
    (microsoft.public.windows.server.security)
  • Re: Iowqa School to get Laptops
    ... CENTRAL CITY - Soon students in the Central City School ... Snit will now produce evidence that using computers in education ...
    (comp.sys.mac.advocacy)