One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware!
This is accomplished by following the detailed steps that are described on the ADCS Wiki link below.
The short version is however as follows:
- set the CA to detect which AD site it is in by running the following on the W2k12 CA server:
certutil -f -setcasites set
- set the Windows 8 client to query AD site information about which CA it should enroll for by running the following on the client side:
certutil -setreg EnrollEnrollFlags 2
…then add some suger and bake for 30 minutes in the oven, that’s it! 🙂
AD DS Site Awareness for AD CS and PKI Clients
What’s New in AD CS [in Windows Server 2012]?