Re: 2003 CA in 2000 Domain

> Yeah, thanks I have reviewed that. That is the method I used, but am now
> getting error messages from certificate services. I am thinking its
> because my domain is running at the 2000 level and the Certificate
> authority is 2003. Will running adprep solve this issue?
>> Hello James,
>> See here:
>> http://support.microsoft.com/kb/298138
>> Best regards
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> We are planning on moving our CA server to Windows 2003. We currently
>>> have
>>> a Windows 2000 based domain.
>>> I have gone ahead and done this in a test environment, and am getting
>>> a
>>> bunch of error messages in event veiewer on the new 2003 CA.
>>> My understanding is that I need to run adprep, and forest prep on our
>>> 2000 domain controller, to bring it up to the 2003 level. Is this
>>> correct? Will this harm anything, if we don't actually upgrade our
>>> domain controllers to windows 2003?

> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>> Yeah, thanks I have reviewed that. That is the method I used, but am now
>> getting error messages from certificate services. I am thinking its
>> because my domain is running at the 2000 level and the Certificate
>> authority is 2003. Will running adprep solve this issue?
>>> Hello James,
>>> See here:
>>> http://support.microsoft.com/kb/298138
>>> Best regards
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> We are planning on moving our CA server to Windows 2003. We currently
>>>> have
>>>> a Windows 2000 based domain.
>>>> I have gone ahead and done this in a test environment, and am getting
>>>> a
>>>> bunch of error messages in event veiewer on the new 2003 CA.
>>>> My understanding is that I need to run adprep, and forest prep on our
>>>> 2000 domain controller, to bring it up to the 2003 level. Is this
>>>> correct? Will this harm anything, if we don't actually upgrade our
>>>> domain controllers to windows 2003?
> As far as I know you can't run 2003 certificate services in a 2000 domain
> or on a Windows 2000 server.
> This should have been posted in the security Newsgroup and I have included
> them in on this response. The PKI experts are in this NewsGroup.
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> http://www.pbbergs.com
>

> You can run a Windows Server 2003 PKI in a Windows 2000 domain, as long as
> the Schema is updated to the Windows Server 2003 schema (to add the v2
> certificate template object and attributes).
> We deployed this at several customers circa 2003.
> Brian
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>> Yeah, thanks I have reviewed that. That is the method I used, but am
>>> now getting error messages from certificate services. I am thinking its
>>> because my domain is running at the 2000 level and the Certificate
>>> authority is 2003. Will running adprep solve this issue?
>>>> Hello James,
>>>> See here:
>>>> http://support.microsoft.com/kb/298138
>>>> Best regards
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> We are planning on moving our CA server to Windows 2003. We currently
>>>>> have
>>>>> a Windows 2000 based domain.
>>>>> I have gone ahead and done this in a test environment, and am getting
>>>>> a
>>>>> bunch of error messages in event veiewer on the new 2003 CA.
>>>>> My understanding is that I need to run adprep, and forest prep on our
>>>>> 2000 domain controller, to bring it up to the 2003 level. Is this
>>>>> correct? Will this harm anything, if we don't actually upgrade our
>>>>> domain controllers to windows 2003?
>> As far as I know you can't run 2003 certificate services in a 2000 domain
>> or on a Windows 2000 server.
>> This should have been posted in the security Newsgroup and I have
>> included them in on this response. The PKI experts are in this
>> NewsGroup.
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> http://www.pbbergs.com
>