autoenroll DC certificate forest-wide

We have the folowing scenario: 1 Forest with an forest root domain called acme.com
There are multiple domains in the forest: europe.acme.com, apac.acme.com, us.acme.com

we have built an offline CA.

we are planning to place the online issuing CA (an enterprise subordinate) in the europe.acme.com
a) what steps are required to auto enroll certificates in the forest?
or is it better to place the Online issuing CA in the root domain, do use better auto-enrollment features ?

thanks!

.

Relevant Pages

  • Re: SOX compliant .. different password policy need for privil
    ... I am curious to know if once a forest and a root domain is created, ... have the password policy for the new domain ... and force all administrative accounts to reset their passwords under the ...
    (microsoft.public.win2000.active_directory)
  • Re: Flattening a Forrest
    ... forest root domain and migrate the old OU structure in the forest root ... new tree that will use.com. ... I need to do a staged demotion of the child domains as they are at remote ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win2K DC AD Problem
    ... They are the Schema Master and the Domain ... These must be in the root domain. ... This is simply an additional tree in your forest. ... It is the first domain in the first tree in the forest. ...
    (microsoft.public.win2000.active_directory)
  • Re: AD 2003 - Empty root or Not!
    ... I would always have an empty forest root domain which is not visible ... This way you have the security of the empty root domain, ... >> DNS namespace managment. ...
    (microsoft.public.win2000.active_directory)
  • Re: Logistics of upgrading NT4 Domain to AD 2003 using in-place upgrade
    ... If you update the root domain, ... new forest using fresh builds. ... Then upgrade the NT domain as a child ...
    (microsoft.public.windows.server.active_directory)
Loading