You are an Active Directory administrator for Contoso, Ltd. You have a properly configured certification authority (CA) in the Active Directory Domain Services (AD DS) domain. Contoso employees authenticate to the VPN by using a user certificate issued by the CA. Contoso acquires a company named Litware, Inc., and establishes a forest trust between and No CA currently exists in the AD DS domain. Litware employees do not have user accounts in and will continue to use their user accounts. Litware employees must be able to access Contoso’s VPN and must authenticate by using a user certificate that is issued by Contoso’s CA. You need to configure cross-forest certificate enrollment for Litware users. Which two actions should you perform? Each correct answer presents part of the solution.

A. Grant the AD DS Domain Computers group permissions to enroll for the VPN template on the Contoso CA.
B. Copy the VPN certificate template from to
C. Add Contoso’s root CA certificate as a trusted root certificate to the Trusted Root Certification Authority in
D. Configure clients in to use a Certificate Policy server URI that contains the location of Contoso’s CA.
  Discussion forum


Leave an answer