Re: enabling LDAP over SSL: Enterprise CA in separate AD tree



In article <1155917238.651109.40270@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
mtw@xxxxxxx says...

So, anyone have any things for me to try?

The trick was to log into a DC in domain B as an Enterprise Admin and
set up a subordinate enterprise CA. After that I could get
certificates and enable LDAP over SSL.


This is not really the solution...
You just need to change permissions on the Domain Controller or Domain
Controller Authentication certificate templates to allow each domain's
Domain Controllers group the Read, Enroll (and maybe Autoenroll for v2
templates) permissions.
Brian
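
A read-only way to check the template permissions discussed in the reply above, as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory module, an account that can read the forest's configuration partition, and the default template object names `DomainController` and `DomainControllerAuthentication`.

```powershell
# Added example: report, per template, which Domain Controllers groups hold
# Read / Enroll / Autoenroll. Read-only; it changes nothing.
Import-Module ActiveDirectory   # assumption: RSAT AD module is installed

# Extended-right GUIDs defined in the AD schema
$Enroll     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$AutoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'  # Certificate-AutoEnrollment
$AllRights  = [guid]::Empty                                  # ACE covers every extended right

$ADRights = [System.DirectoryServices.ActiveDirectoryRights]
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

# True if any ACE in $Aces grants the given extended right (or all of them)
function Test-ExtendedRight($Aces, [guid]$Right) {
    [bool]($Aces | Where-Object {
        (($_.ActiveDirectoryRights -band $ADRights::ExtendedRight) -ne 0) -and
        ($_.ObjectType -eq $Right -or $_.ObjectType -eq $AllRights)
    })
}

foreach ($cn in 'DomainController', 'DomainControllerAuthentication') {
    $acl = Get-Acl -Path "AD:\CN=$cn,$base"
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference.Value -like '*\Domain Controllers' } |
        Group-Object { $_.IdentityReference.Value } |
        ForEach-Object {
            $aces = $_.Group
            [pscustomobject]@{
                Template   = $cn
                Group      = $_.Name      # e.g. DOMAINB\Domain Controllers
                Read       = [bool]($aces | Where-Object {
                    ($_.ActiveDirectoryRights -band $ADRights::GenericRead) -eq
                        $ADRights::GenericRead })
                Enroll     = Test-ExtendedRight $aces $Enroll
                AutoEnroll = Test-ExtendedRight $aces $AutoEnroll
            }
        }
}
```

A domain whose Domain Controllers group does not appear in the output for a template has no allow ACE on it.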


