RODCs Do Not Perform Domain Controller Certificate Enrollment
http://technet.microsoft.com/en-us/library/cc730948(WS.10).aspx
Smart card logons that are authenticated by an RODC fail. An error message appears that states that the operation is not supported.
Solution
To make it possible for an RODC to authenticate smart card logons, modify the following certificate templates:
- On the Domain Controller certificate template, allow Enroll permissions for the ERODC group.
- On the Domain Controller Authentication and Directory E-Mail Replication certificate templates, allow Enroll and Autoenroll permissions for the ERODC group. Allow Read permission for the Authenticated Users group.
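To confirm the template permissions listed above are in place, the following read-only audit can be run from a domain-joined management host. It is an added example, not part of the quoted TechNet text. It assumes the RSAT ActiveDirectory module, the default template object names (`DomainController`, `DomainControllerAuthentication`, `DirectoryEmailReplication`) and the English group name for ERODC.

```powershell
# Added example: read-only audit, makes no changes to the directory.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

# Control-access right GUIDs for certificate enrollment
$rights = @{
    Enroll     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
    Autoenroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'
}
# Template CNs (assumed defaults) and the ERODC rights the fix calls for
$required = [ordered]@{
    DomainController               = @('Enroll')
    DomainControllerAuthentication = @('Enroll', 'Autoenroll')
    DirectoryEmailReplication      = @('Enroll', 'Autoenroll')
}
$erodcName = 'Enterprise Read-only Domain Controllers'   # assumed English name
$adr = [System.DirectoryServices.ActiveDirectoryRights]

$configNC = (Get-ADRootDSE).configurationNamingContext
$base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

foreach ($template in $required.Keys) {
    $allow = (Get-Acl -Path "AD:\CN=$template,$base").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' }

    # GUIDs of extended rights granted to ERODC; an empty GUID means all of them
    $granted = @($allow | Where-Object {
            $_.IdentityReference.Value -like "*\$erodcName" -and
            ($_.ActiveDirectoryRights -band $adr::ExtendedRight)
        } | ForEach-Object { $_.ObjectType })

    $missing = @($required[$template] | Where-Object {
            $granted -notcontains $rights[$_] -and $granted -notcontains [guid]::Empty
        })

    # Read for Authenticated Users, as the fix specifies
    $authRead = [bool]($allow | Where-Object {
            $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' -and
            ($_.ActiveDirectoryRights -band $adr::GenericRead) -eq $adr::GenericRead
        })

    [pscustomobject]@{
        Template               = $template
        ErodcMissingRights     = $missing -join ', '
        AuthenticatedUsersRead = $authRead
    }
}
```

An empty `ErodcMissingRights` column means the ERODC group already holds the rights listed for that template.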
Wow. Interesting post. I have been wondering about this topic, so thanks for posting. I’ll definitely be subscribing to your site. Keep up the good posts.
domain hosting
ta