Issue Certificate for non-joined domain server or user from non trusted domain

BlackCat 86 Reputation points
2024-02-27T03:34:09.0533333+00:00

A user or server from a non-joined domain submits a CSR on my ADCS Web Enrollment. Can my CA issue certificates for these use cases? Thanks

Active Directory

Accepted answer
  1. Daisy Zhou 22,231 Reputation points Microsoft Vendor
    2024-03-11T08:02:58.1933333+00:00

    Hello BlackCat,

    Thank you for posting in the Q&A forum.

    Based on the description above, I understand you have an AD CS server in your domain.

    For the devices not in the domain, you can try to use the Network Device Enrollment Service.

    For more information about Network Device Enrollment Service for Active Directory Certificate Services, please refer to the link below.

    https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/network-device-enrollment-service-overview

    For the users not in the domain, if the users are in another forest, you can try to use Certificate Enrollment Web Services to issue certificates to the users in another domain (such as domain B) using a CA in one domain (such as domain A).

    Starting with Windows Server 2008 R2, you can utilize Certificate Enrollment Web Services to provide certificates across forests that do not require forest trust relationships. For a lab demonstration of such a configuration using Windows Server® 2012, see the Test Lab Guide Mini-Module: Cross-Forest Certificate Enrollment using Certificate Enrollment Web Services.

    Test Lab Guide Mini-Module: Cross-Forest Certificate Enrollment using Certificate Enrollment Web Services

    https://social.technet.microsoft.com/wiki/contents/articles/14715.test-lab-guide-mini-module-cross-forest-certificate-enrollment-using-certificate-enrollment-web-services.aspx

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
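
The Certificate Enrollment Web Services path named in the accepted answer, seen from a client that is not joined to the CA's forest. This is an added example, not part of the original post or of Microsoft's lab guide. The policy URL host and the template name are placeholders, and it assumes the CEP/CES endpoints are published with username/password authentication.

```powershell
# Added example. Placeholders (not values from this thread):
#   cep.domaina.example  - host running the Certificate Enrollment Policy Web Service
#   CrossForestUser      - hypothetical template the CA publishes for these users
$PolicyUrl = 'https://cep.domaina.example/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP'
$Template  = 'CrossForestUser'

# Assumption: an account the CEP/CES servers can authenticate and that has
# Enroll permission on the template.
$cred = Get-Credential -Message 'Account authorized to enroll for the template'

# Get-Certificate (PKI module) reads policy from the CEP URL, then submits the
# request to the CES endpoint that policy advertises. Everything runs over HTTPS.
$result = Get-Certificate -Url $PolicyUrl -Template $Template `
                          -Credential $cred -CertStoreLocation 'Cert:\CurrentUser\My'

switch ($result.Status) {
    'Issued' {
        $cert = $result.Certificate
        # A machine outside the CA's forest does not receive the enterprise root
        # through AD or Group Policy, so confirm the chain builds locally before
        # relying on the certificate.
        if (-not $cert.Verify()) {
            Write-Warning "Issued, but the chain does not validate here. Check that the CA root is in Trusted Root Certification Authorities and that the CDP/AIA URLs are reachable."
        }
        $cert | Format-List Subject, Issuer, NotAfter, Thumbprint
    }
    'Pending' {
        # The template requires CA manager approval; the request stays in the
        # Request store until it is approved and retrieved.
        Write-Output "Request pending approval: $($result.Request.Thumbprint)"
    }
    default {
        throw "Enrollment did not complete. Status: $($result.Status)"
    }
}
```

On the CA side, the template's Security tab decides who may enroll, so the account used here should be granted Enroll on that one template only.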