Changing Global Group to Domain Local Group.
From: Rob McShinsky (List_at_mcshinsky.com)
Date: 01/06/05
Date: Thu, 6 Jan 2005 09:23:00 -0500

In my Windows 2000 domain (native mode), that is almost completely upgraded
to Windows 2003, I want to change my Cert Publishers group from a Global
Group to a Domain Local Group. If you install 2003 from scratch and make it
a domain controller, this group is a Domain Local Group even if you are in
Windows 2000 native mode. Currently the ability to switch this group is
greyed out.

The reasoning behind this is we are building a 2-tiered Certificate
Authority structure with the Issuing Certificate Authority in the Root
domain. All users and computer objects are in the child domain. So unless
I can put the CA computer object that is in the root domain in the Child
domain Cert Publishers group, the certificates issued to users in the child
domain do not work. If the Cert Publishers group is a Domain Local group, I
can easily see the CA server in the Root Domain and can add it correctly.

Does anyone have any experience with 2-tiered CAs within a 2-tiered forest?

Thanks
Rob McShinsky