I have attempted to setup Cross Forest certificate enrollment in a Test environment. I am using the document AD_CS_Cross_Forest.pdf. from the Technet article https://technet.microsoft.com/en-us/library/Ff955845(v=WS.10).aspx .
I have completed the section "Deploying AD CS for cross-forest certificate enrollment". I don't have any templates or a CA in the account domain to copy FROM, so I skipped to "Copying PKI objects to Account forest".
I am getting the error:
Copying Object: CN=402.8A47F982C359BC487708F8A89A897780,CN=OID,CN=Public Key Services,CN=Services,CN=Configuration,DC=de
v,DC=lab
WARNING: Error while coping an object. CN=402.8A47F982C359BC487708F8A89A897780
WARNING: Access is denied.
WARNING: At C:\certs\PKISync.ps1:285 char:17
+ $NewDE.psbase.CommitChanges()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This error is one of many with the CN being different for each object.
The article does not specific permission needing to be set for the account DCs to the resource DCs etc, but my guess is I need to on the templates or objects. Any help would be appreciated.
I am getting the error:
Copying Object: CN=402.8A47F982C359BC48770
v,DC=lab
WARNING: Error while coping an object. CN=402.8A47F982C359BC48770
WARNING: Access is denied.
WARNING: At C:\certs\PKISync.ps1:285 char:17
+ $NewDE.psbase.CommitChange
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
This error is one of many with the CN being different for each object.
The article does not specific permission needing to be set for the account DCs to the resource DCs etc, but my guess is I need to on the templates or objects. Any help would be appreciated.