Guest Davor Perat Posted March 19, 2008 Posted March 19, 2008 I am trying to build new PKI based on Windows Server 2008 AD CS. Is it possible to have AD CS on Windows Server 2008 servers in Windows Server 2003 Active Directory domain? Or do I need to upgrade Active Directory to 2008 first and then build PKI? Regards, Davor Quote
Guest Brian Komar \(MVP\) Posted March 19, 2008 Posted March 19, 2008 You would need to apply the Windows Server 2008 schema to your AD. After that, you can deploy Win2k8 CAs in the environment. Brian "Davor Perat" <DavorPerat@discussions.microsoft.com> wrote in message news:01C8C69E-24BF-47E1-B7D4-7042CF416583@microsoft.com...<span style="color:blue"> >I am trying to build new PKI based on Windows Server 2008 AD CS. > > Is it possible to have AD CS on Windows Server 2008 servers in Windows > Server 2003 Active Directory domain? Or do I need to upgrade Active > Directory to 2008 first and then build PKI? > > Regards, > > Davor </span> Quote
Guest Saurav Sinha [MSFT] Posted March 19, 2008 Posted March 19, 2008 Davor, You don't need to upgrade the active directory schema to Windows Server 2008 schema for deploying and using Windows Server 2008 Certificate services. Thanks Quote
Guest Paul Adare Posted March 19, 2008 Posted March 19, 2008 On Wed, 19 Mar 2008 10:54:35 -0700, Saurav Sinha [MSFT] wrote: <span style="color:blue"> > You don't need to upgrade the active directory schema to Windows Server > 2008 schema for deploying and using Windows Server 2008 Certificate > services.</span> You do if you want to take advantage of all of the improvements that are offered by Windows 2008 AD CS. -- Paul Adare MVP - Virtual Machines http://www.identit.ca Help! I'm trapped in a Chinese computer factory! Quote
Guest Brian Komar \(MVP\) Posted March 20, 2008 Posted March 20, 2008 Saurav, Unless you wish to use Version 3 certificate templates or OCSP with the new default template. These are only available when you add the new object type. Brian "Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message news:uQDJOpeiIHA.2304@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > Davor, > You don't need to upgrade the active directory schema to Windows > Server 2008 schema for deploying and using Windows Server 2008 Certificate > services. > Thanks </span> Quote
Guest Oded Shekel [MSFT] Posted April 17, 2008 Posted April 17, 2008 Brian/Paul There is no requirement for an AD schema upgrade to support V3 template (or any other W2K8 PKI feature). Oded "Brian Komar (MVP)" wrote: <span style="color:blue"> > Saurav, > Unless you wish to use Version 3 certificate templates or OCSP with the new > default template. > These are only available when you add the new object type. > Brian > > "Saurav Sinha [MSFT]" <sauravs@online.microsoft.com> wrote in message > news:uQDJOpeiIHA.2304@TK2MSFTNGP05.phx.gbl...<span style="color:green"> > > Davor, > > You don't need to upgrade the active directory schema to Windows > > Server 2008 schema for deploying and using Windows Server 2008 Certificate > > services. > > Thanks </span> > > </span> Quote
Guest Paul Adare Posted April 17, 2008 Posted April 17, 2008 On Wed, 16 Apr 2008 22:31:01 -0700, Oded Shekel [MSFT] wrote: <span style="color:blue"> > There is no requirement for an AD schema upgrade to support V3 template (or > any other W2K8 PKI feature).</span> Thanks for the clarification Oded. -- Paul Adare http://www.identit.ca Real time: Here and now, as opposed to fake time, which only occurs there and then. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.