When I was first learning about Active Directory Certificate Services (AD CS), a colleague told me that I should search on Step-by-Step Guide with AD CS. He was right, that was a good place to get started. Starting with Windows Server 2008 R2, the Test Lab Guide concept was introduced. So, if you want to learn how to deploy AD CS in the latest version of Windows – called Windows Server "8" Beta right now – you should look for the Test Lab Guide: Deploying an AD CS Two Tier PKI Hierarchy. The nice thing about this deployment guide is it no longer takes the easiest route of demonstrating how to deploy an online Enterprise Root CA structure. Instead, you get to see how to deploy the more appropriate and recommended two-tier PKI hierarchy. The setup is more complicated using an offline root CA, but it is also more realistic.